The Eindbazen 'Forensic Unit Computer Knowledge & Advanced Persistent Threats' and the 'Special Unit Cracking Kiddies Investigations Team' are currently investigating a new Scriptkiddie Group working under the name of 'The Figuurzagers'. This team is suspected of hacking various crappy protected environments to place flags on these systems. The NFI provided us with a network tap of one of the attacks. Could you recover the flag for us?

Note: The file is in TIIT format
Encryption key: hashlib.sha256("OHM2013 X Y!").digest()[0:24] where X and Y represent lowercase English words that start with an r
Target Identifier: md5(eindbazen)
Provider Identifier: 51040
Hint: Remember, the first PDU will be "HI2: Start Session"