
www.labexpress.com

Discovered 2026-05-30 00:22 UTC
Est. attack date 2026-05-29
Country US

Description:

LABEXPRESS & GARONIT PHARMA: 200 GB OF SHARED INFRASTRUCTURE

We have obtained 200 GB of internal data from a US-based group operating under two legal entities: Labexpress and Garonit Pharma. The materials show a single Active Directory domain (LABEXPRESS1.local), a shared file server, and extensive cross-company records. This data will be made publicly available in the near future.

Active Directory Overview
- 65 computers, 142 user accounts, 98 groups, 11 organizational units (OUs).
- Domain controllers: DC01 (Server 2019), LABXDC01 (Server 2012 R2).
- A single AD domain serves both Labexpress and Garonit Pharma.

Notable account:
cn: Troy Austin
sAMAccountName: Taustin
memberOf: QuickBooks, LABEXPRESS, LABEXPRESSUSERS
The same person appears in Exchange mailboxes as taustin@garonitpharma.com.

Weak Passwords and Brute-Force Indicators
- Administrator account: 3,193 failed logon attempts, last successful logon 2026-04-30.
- Computer accounts FRONTDESK$, DEV$, LABEL$ – more than 3,000 failures each.
- Cleartext password found on FILE01\passwords.txt: Admin: LabExpress2024!
- The Domain Admins group includes: Administrator, labadmin, adminiss, Protect, xtratech, LAE009-CT.
- Password for user Protect: Password123!
- Outdated password templates in the "SBSUsers" OU are still in use.

Mail Servers and Exchange
- LABSERVER2 runs Windows Server 2003 SP2 with Exchange 2007.
- Full mailbox export performed using the built-in Export-Mailbox cmdlet – no special exploit required.

Contents of the Obtained Data (200 GB)

We have data from drive E:\, including:

1. Financial & Accounting
- QuickBooks Enterprise 2021 installer and data files (QB2021.DSN, QB2021.ND).
- Folder: E:\Garonit Documents\Clients 2022\ – hundreds of invoices, COAs, and COCs (e.g., Amtrade International INV# 50268.pdf for ~21M USD, Estee Lauder Inv# 24.pdf).
- Folder: E:\Garonit Documents\ACCOUNTS PAYABLES 2022 09 22\ – detailed accounts payable records for 50+ vendors.

2. Quality & Production
- Thousands of COA/COC files (e.g., CHG 20% Lot 429012 CoA.pdf, COC CHG 20%, Lot# 705103.docx).
- Complete batch records for 2023–2026 (folders Batch Records\2023, 2024, 2025, 2026).
- Stability study protocols and raw HPLC data for CHG 0.12% Oral Rinse.

3. ANDA & Regulatory Documentation
- Folder "00 Oral Rinse ANDA-Old One" – complete ANDA dossier, including DMF, method validation, stability, and correspondence with the FDA.
- Files: ANDA Checklist-Oral Rinse.docx, DMF Assessment in advance.pdf.

4. Vendor & Customer Records
- Folder: E:\Garonit Documents\Vendor from 2022 07 19 TO 2022 09 21\Vendor\ – dossiers on each supplier (contracts, invoices, assessments).
- Folder: E:\LABEXPRESSDATA\ALL LEI ORDERS\ – customer purchase orders and sales quotations.

5. Human Resources (HR)
- Folder: E:\LABEXPRESSDATA\HUMAN RESOURCES\ – employment contracts, W-9 forms, tax deductions, resignation letters.
- Passport scans, Green Card copies, health insurance records for many employees.
- Files: Employee Handbook.pdf, PTO Request Form.docx, Time off request form.pdf.

6. Internal Communications & Scans
- Directory "C224E BIZHUB SCANNER DUMPS" containing subfolders named after employees (Burcu, Frank, Iliany, Kelvin, Dave, Randy, Sudhir, etc.).
- Scans include: Green Cards, IDs, credit card authorization forms, bank letters, and correspondence with the IRS.
- Examples: Burcu Green Card.pdf, Rohit Garg X-Ray.pdf, SKM_C250i... (thousands of scanned documents).

7. Tax & Banking Documentation
- Correspondence with the IRS, State of New Jersey, Valley National Bank, Citibank.
- Files: IRS Notice Lab Express.pdf, Valley Bank Garonit Deceember 2020.pdf, Credit Application, Bank instructions.pdf.

Shared Infrastructure – Observed Facts
- The same Active Directory domain and file server (drive E:\) store data for both Labexpress and Garonit Pharma.
- Cross-company records reside in the same folders (e.g., "Garonit Documents" and "LABEXPRESSDATA" coexist on the same drive).
- User Troy Austin has an AD account (Taustin) and also uses the email address taustin@garonitpharma.com.
- Purchase orders, invoices, COA/COC files refer to both companies interchangeably.
- At the IT level, there is no separation between the two legal entities.

The obtained data demonstrates that Labexpress and Garonit Pharma operate on a single, shared IT infrastructure. All files, accounts, mailboxes, and production records are stored on the same systems. A 200 GB archive will be publicly released in the near future.
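Every indicator the post lists (thousands of failed logons against Administrator and machine accounts, a six-member Domain Admins group with generic names in it, a passwords.txt on the file server, Server 2003 and 2012 R2 hosts still in the domain) is something a defender can enumerate from any domain-joined workstation with RSAT before an intruder does. Note also that Export-Mailbox on Exchange 2007 is an administrator cmdlet (Exchange Server Administrator role plus local admin on the mailbox server), so "no special exploit required" means the actor already held administrative credentials, which fits the cleartext password and Password123! findings. The script below is an added example written for this page, not code from the leak post or the victim; it assumes the ActiveDirectory module is installed, that the account running it can read the domain and the DC security logs, and the share path, failure threshold and lookback window are placeholders to adjust for your own estate.

```powershell
# Added example: audit the AD weaknesses described in the leak post.
# Assumes RSAT ActiveDirectory; $SharePaths, $BadPwdThreshold and
# $LookbackDays are assumptions to tune per environment.
param(
    [string]$PrivilegedGroup = 'Domain Admins',
    [int]$BadPwdThreshold = 100,                 # assumption: set relative to lockout policy
    [string[]]$SharePaths = @('\\FILE01\E$'),    # assumption: file server share to sweep
    [int]$LookbackDays = 7
)
Import-Module ActiveDirectory
$dcs = (Get-ADDomainController -Filter *).HostName

# 1. Privileged group membership: who is in it, whether the account is still used,
#    and whether its password ever expires. Generic names and stale members go first.
Write-Host "== Members of $PrivilegedGroup =="
Get-ADGroupMember -Identity $PrivilegedGroup -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, Enabled |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet, PasswordNeverExpires |
    Sort-Object LastLogonDate | Format-Table -AutoSize

# 2. Brute-force counters. badPwdCount and badPasswordTime are not replicated; each DC
#    keeps its own, so ask every DC. Computer objects derive from user, so machine
#    accounts such as FRONTDESK$ are covered by the same filter.
Write-Host "== Accounts with badPwdCount >= $BadPwdThreshold, per DC =="
$dcs | ForEach-Object {
    $dc = $_
    Get-ADObject -Server $dc `
        -LDAPFilter "(&(objectClass=user)(badPwdCount>=$BadPwdThreshold))" `
        -Properties sAMAccountName, badPwdCount, badPasswordTime, lastLogonTimestamp |
    ForEach-Object {
        [pscustomobject]@{
            DC              = $dc
            Account         = $_.sAMAccountName
            BadPwdCount     = $_.badPwdCount
            LastBadPassword = if ($_.badPasswordTime) { [DateTime]::FromFileTime($_.badPasswordTime) }
            LastLogon       = if ($_.lastLogonTimestamp) { [DateTime]::FromFileTime($_.lastLogonTimestamp) }
        }
    }
} | Sort-Object BadPwdCount -Descending | Format-Table -AutoSize

# 3. Failed domain logons over the lookback window, counted on the DCs. Domain logon
#    failures land there as 4771 (Kerberos pre-auth failed) and 4776 (NTLM validation),
#    not as 4625 on the member server. 4776 is also logged on success, so keep only
#    entries whose Status is non-zero.
Write-Host "== Failed domain logons by account, last $LookbackDays days =="
$since = (Get-Date).AddDays(-$LookbackDays)
$dcs | ForEach-Object {
    Get-WinEvent -ComputerName $_ -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4771, 4776; StartTime = $since }
} | ForEach-Object {
    $ev = $_
    $d = @{}
    ([xml]$ev.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    if ($ev.Id -eq 4771 -or $d['Status'] -ne '0x0') { $d['TargetUserName'] }
} | Group-Object | Sort-Object Count -Descending | Select-Object -First 20 Count, Name

# 4. Cleartext credential files on the file server share. The post found
#    FILE01\passwords.txt; sweep for the usual names and review hits by hand.
Write-Host "== Candidate credential files under $($SharePaths -join ', ') =="
Get-ChildItem -Path $SharePaths -Recurse -File -ErrorAction SilentlyContinue `
    -Include '*password*', '*passwd*', '*creds*', '*.kdbx' |
    Select-Object FullName, Length, LastWriteTime

# 5. Out-of-support Windows Server versions still joined to the domain
#    (Server 2003 SP2 and 2012 R2 in the post). Isolate or retire whatever appears.
Write-Host "== Out-of-support Windows Server versions =="
Get-ADComputer -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate `
    -Filter 'OperatingSystem -like "*Server 2003*" -or OperatingSystem -like "*Server 2008*" -or OperatingSystem -like "*Server 2012*"' |
    Select-Object Name, OperatingSystem, OperatingSystemServicePack, LastLogonDate |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on a domain-joined host (section 3 needs remote Security log access on each DC, which normally means Event Log Readers or local admin there). Section 2 is the one most people get wrong: querying a single DC for badPwdCount shows only the failures that DC saw, so an attacker spraying through the other DC is invisible unless every DC is asked.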

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@godaddy.com
MX Records
  • labexpress-com.mail.protection.outlook.com. Microsoft 365
TXT Records
  • v=spf1 include:spf.protection.outlook.com -all
Cloud / SaaS Services Detected
No well-known cloud or SaaS service detected.

Leak Screenshot: (image)