Joint Appendix
Exhibit 36

Case 1:23-cv-00758-JLH-SRF Document 203-2 Filed 11/22/24 Page 2 of 38 PageID #: 5604

UNITED STATES PATENT AND TRADEMARK OFFICE
_____________________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
_____________________________

WIZ, INC.,
Petitioner,

v.

ORCA SECURITY LTD,
Patent Owner.
_____________________________

Case IPR2024-00864
Patent No. 11,663,032
_____________________________

DECLARATION OF DR. ANGELOS STAVROU

149. It is therefore my opinion that the combination of Veselov and Hufsmith teaches all aspects of elements 1.4, 18.4, and 22.4.

7. Elements 1.5, 18.5, and 22.5

150. These elements recite “[determining/determine] whether the matching installed applications are used by the protected virtual cloud asset.” Hufsmith teaches these elements in several ways. As I previously explained, Hufsmith describes multiple stages of the analysis during which weights (i.e., priorities/threat levels) for each detected security issue are assigned or adjusted. Supra, §XI.B (Hufsmith summary). After the set of security issues are identified, several evaluators (e.g., a malware evaluator and a CVE evaluator) assign initial weights to the identified items. EX1078 (Hufsmith), ¶¶109, 113-28. A context evaluator further considers other factors that are used to adjust these weights. Id., ¶¶135-43. Below, I first explain how Hufsmith teaches elements 1.5/18.5/22.5 with respect to the context evaluator. I then explain how Hufsmith further teaches these elements as part of the calculation of the initial weights.

151. First, Hufsmith teaches adjusting previously assigned threat levels based on whether the associated file/code is dormant or active (i.e., “whether the matching installed applications are used by the protected virtual cloud asset,” as recited). Hufsmith uses a “context evaluator” to adjust weights for vulnerabilities identified by other evaluators based on various context properties. Supra, §XI.B (Hufsmith summary); EX1078 (Hufsmith), ¶¶135-43, 145. For example, the “environments” context property includes information about the execution environment of the virtual image and is used “for adjusting weights associated with one or more scanner properties.” Id., ¶140. The execution environment records “indicate which portions of a container image are dormant and which are active in a given use case,” such as whether “a subroutine is never invoked” or whether a “command module is never called” (i.e., which portions are used and which are not used). Id. In some cases, “[v]ulnerabilities associated with dormant code may be down-weighted.” Id.

152. A POSA would have understood this dormancy analysis of “code” (or “portions” of the image) to include, or at least suggest, assessing the dormancy/activity of installed applications. Supra, §XII.B.5. For example, Hufsmith notes that the distributed applications represented by the images can include multiple applications, which it refers to as “bodies of code.” EX1078 (Hufsmith), Abstract, ¶¶3-4. Such applications/code are also “portions” of the image. A POSA would have recognized that identified malware/CVEs include such applications/code, meaning that the use determinations I discussed above are being applied to the “matching installed applications” detected by that analysis. E.g., EX1078 (Hufsmith), ¶135 (“The weights determined by the context evaluator 125 may be applied to one or more of the weights determined by the scanner property evaluators e.g., 105, 110, 115, and 120 to modify them responsive to contextual information.”).

153. Second, Hufsmith teaches or suggests making the recited use determination as part of the initial calculation of individual weights. Discussing the calculation of individual weights for malware—which includes installed applications that are infected with malware—the malware evaluator considers “whether the file or code is executed” (i.e., whether the matching installed application is used by the protected virtual cloud asset). Hufsmith explains that the malware evaluator evaluates the malware properties of a virtual image, and the malware properties include a list of known malicious files detected within the virtual image. Id., ¶121. The list of detected malicious files further includes information about the file such as “whether the file or code is executed.” Id. The malware evaluator evaluates this information—including whether the file/code has been executed—to determine one or more malware weights. Id., ¶124; see also id., ¶¶125-28 (describing how to determine malware weights, metrics, and values).

154. Additionally, a POSA would have recognized that the use determinations taught by Hufsmith are equally applicable and useful in the context of Veselov’s assessment, since that assessment similarly evaluates software applications. EX1007 (Veselov), 1:34-40 (VMs may include containers, “and each container has its own process and network space in which the container may, for example, execute software programs”), 3:32-40 (snapshot may include “a database of software packages installed in a virtual machine”), 7:16-22 (assessment may include “software application-level CVEs assessment”), 9:59-67 (snapshot properties may include “software packages installed” and “software patches applied”), 13:58-63 (assessment VM includes “software applications 364A”), 17:23-29 (scanning service reads snapshot data, including “software application 564A”), 18:34-38 (scanning service identifies “software packages”). Determining whether matching installed applications are used by a security assessment target, as taught by the combination of Veselov and Hufsmith, was also consistent with common practice in the field, since it was well known that whether a vulnerable application is executed is relevant to the level of risk presented by that vulnerability. EX1063 (Hibbert), ¶80 (“[A] potential exclusion or mitigation for the vulnerability report is based on the context of the users executing Internet Explorer within your environment. But what if no one uses Internet Explorer, and you have standardized on another browser like FireFox or Chrome? Yes, the system is technically vulnerable but the offending application is not used and therefore a lower risk….”); see also id., ¶¶113-16 (security assessment considers which vulnerable applications “are being run” and other usage factors). In other words, it was well known that if a system contains a vulnerability associated with an installed application, that vulnerability tends to present a relatively greater risk if the application is used and a relatively lower risk if it is not used. Id., ¶¶80, 113-16.

155. It is therefore my opinion that the combination of Veselov and Hufsmith teaches all aspects of elements 1.5, 18.5, and 22.5.

8. Elements 1.6, 18.6, and 22.6

156. These elements recite “[prioritizing/prioritize] the potential cyber vulnerabilities based on the use determinations.” As I explained above, Hufsmith teaches use determinations in two ways: (1) a dormancy/activity determination by the context evaluator and (2) a determination by the malware evaluator (and suggested for the CVE evaluator) of whether a file/code is executed. Supra, §XII.B.6. As I explain below, Hufsmith further teaches prioritizing the vulnerabilities based on these use determinations. See also supra, §XII.A (reasons to combine).

157. First, with respect to dormancy determination by the context evaluator, Hufsmith teaches deprioritizing vulnerabilities associated with applications that are not used. As Hufsmith explains, “[t]he weights determined by the context evaluator 125 may be applied to one or more of the weights determined by the scanner property evaluators,” for example, the malware and CVE evaluators, “to modify them

cross-examination in this case and that cross-examination will take place within the United States. If cross-examination is required of me, I will appear for cross-examination within the United States during the time allotted for cross-examination.

255. I declare that all statements made herein of my knowledge are true, and that all statements made on information and belief are believed to be true, and that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code.

Dated: 5/24/2024

By: /Angelos Stavrou/
Angelos Stavrou, Ph.D.

Joint Appendix
Exhibit 37

UNITED STATES PATENT AND TRADEMARK OFFICE
_____________________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
_____________________________

WIZ, INC.,
Petitioner,

v.

ORCA SECURITY LTD,
Patent Owner.
_____________________________

Case IPR2024-01191
Patent No. 11,775,326
_____________________________

DECLARATION OF DR. ANGELOS STAVROU

WIZ, Inc. EXHIBIT - 1002
WIZ, Inc. v. Orca Security LTD.

offending application is not used,” it presents “a lower risk”); EX1078 (Hufsmith), ¶140 (“Vulnerabilities associated with dormant code may be down-weighted in some cases.”).

211. It is therefore my opinion that claim 7 was obvious.

7. Claim 8

212. Claim 8 depends from claim 7 and further recites, “wherein determining whether the matching installed applications are used by the respective protected virtual cloud asset includes checking configuration files of the matching installed applications to determine whether at least one of the matching installed applications is not in use, and wherein prioritizing reduces priority of the at least one matching installed application not in use.”

213. At the outset, I note that “the matching installed applications” limitation has not been previously introduced in any of claims 7, 3, or 1 from which claim 8 depends. This language is only used in claims 4 and 5. Nevertheless, the combination of Veselov and Basavapatna teaches matching installed applications against lists of known vulnerable applications for the reasons I discussed above in §§XII.C.3-4. As I explain below, the combination also teaches (1) determining whether these matching installed applications are used by the respective virtual cloud asset, (2) this determination includes “checking configuration files of the matching installed applications to determine whether at least one of the matching installed applications is not in use, and (3) prioritizing that reduces priority of the at least one matching installed application not in use.”

214. First, the combination teaches determining whether the matching installed applications are used by the respective protected virtual cloud asset. The previously discussed application-usage determinations include use determinations for “matching installed applications.” As I explained above, Veselov and Basavapatna each teach identifying vulnerabilities on an asset by matching the asset’s installed applications against a list of applications known to be vulnerable. Supra, §XII.C.3. A POSA would have understood that Basavapatna’s application-usage determinations apply to these matching installed applications since the application-usage determinations are performed as part of risk assessments for the detected vulnerabilities, and the detected vulnerabilities include the matching installed applications. See, e.g., EX1008 (Basavapatna), ¶105 (determining whether “any test whose outcome is included in the vulnerability detection data” indicates that the asset possesses “the corresponding vulnerability or configurations evidencing the vulnerability”). At a minimum this would have been obvious since performing the risk determinations (including the application-usage determinations) for the matching installed applications would have been a straightforward way to avoid unnecessary risk determinations for thousands of vulnerable applications that are not even installed on the asset. See id., ¶72 (“In some systems, the number of identified, verified, catalogued, or otherwise known system vulnerabilities can be in excess of 30,000 or more….”).

215. Second, the combination teaches that determining whether matching installed applications are used by the respective protected virtual cloud asset includes “checking configuration files of the matching installed applications to determine whether at least one of the matching installed applications is not in use.” As an initial matter, Veselov teaches that the snapshot includes configuration files of installed applications and that the security assessment considers these configuration files. EX1007 (Veselov), 2:35-41 (analysis may include “host configuration assessments”), 7:16-22 (exemplary software application-level CVE assessment based on information that includes list of “all software packages installed on the virtual machine and their configurations”), 9:55-67 (snapshot includes “software packages installed, and configurations thereof”). Basavapatna further teaches that the application-usage determination—which includes determining whether a given application is “not in use,” as I explained in §XII.C.6—involves checking application configuration files. The vulnerability-centric and threat-centric risk metrics are each determined by comparing vulnerability definition data with “asset configuration data” to determine whether or not an application is in use. Supra, §XII.C.6; EX1008 (Basavapatna), ¶¶53 (vulnerability definition data includes applicability data such as “software application versions” and “application settings”), 60 (vulnerability detection data generated by “comparing asset configuration data 207 and vulnerability definition data 205”), 79 (determination of threat-centric risk metric includes comparing “applicability data for a given threat to configuration data for a given asset”), 84. For example, determining the vulnerability-centric risk metric involves “analyzing the vulnerability detection data 206 and/or asset configuration data 207 to determine whether any test whose outcome is included in the vulnerability detection data identified the asset as possessing the corresponding vulnerability or configurations evidencing the vulnerability.” Id., ¶105 (emphasis added). Basavapatna further explains that this asset configuration data includes “the software running on the asset, and the configuration of the software running on the asset.” Id., ¶37 (emphasis added); see also id., ¶53 (applicability data can specify “software application versions, application settings, plug-ins, etc.”).

216. At a minimum, given Basavapatna’s teachings that asset configuration data includes application configurations and that application usage is determined based on the asset configuration data, it would have been obvious to determine application usage by checking application configuration files. For example, it was well known that such configuration files included information indicating whether or not applications were in use. See, e.g., EX1079 (Carroll), 31 (Windows registry tracks “system and application configuration information, as well as user activity”), 32 (a “System Resource Usage Monitor” or “SRUM” collects information allowing determination of “which applications were running”), 33-34 (“With every Windows application, developers have the ability to create their own set of registry keys to track specific configuration and user activity for their application…. Each application in the Office suite has its own set of ‘FileMRU’ (most recently used files) that tracks most recent files used and when they were opened.”), 35-36 (further discussing SRUM).

217. Third, Basavapatna teaches “wherein prioritizing reduces priority of the at least one matching installed application not in use.” As I discussed above with respect to claim 7, Basavapatna teaches determining that an application is not in use as part of determining the vulnerability-centric and threat-centric risk metrics. Supra, §XII.C.6. Basavapatna further teaches that the determined risk is lowered if the application is not running. As I previously explained, both risk metrics may be based on the same vulnerability detection score, which may be set to a first value (“e.g., one”) if the application is running or a lower value if the application is not running (e.g., “zero” when the asset is not vulnerable or “some other value between zero and one” when the asset has a lower probability of being vulnerable). EX1008 (Basavapatna), ¶104; see also id., ¶¶78, 83-84 (discussing similar scoring for applicability/vulnerability scores used in threat-centric risk metric). Applying a lower coefficient if the application is not running “reduces priority of the at least one matching installed application,” as recited, since this lowers the ultimate risk metric, and Basavapatna teaches prioritizing vulnerabilities based on those metrics. For example, Basavapatna teaches that the system “can list all assets, vulnerabilities, or threats, sorted by aggregate risk metric, or can list a top number, e.g., top ten, of the assets, vulnerabilities, or threats.” Id., ¶138; see also id., ¶¶120-28 (aggregate risk metric for particular vulnerability/threat based on risk metrics for that vulnerability/threat across multiple assets). As Basavapatna explains:

Ranking assets, vulnerabilities, and/or threats according to aggregate
risk scores allows a user to quickly identify which assets are most at
risk, or which vulnerabilities and threats are most dangerous for a
system. The user can then remediate the most at-risk assets before
remediating other less-at-risk assets, or can apply remediations across
the system for the riskiest vulnerabilities and threats before applying
remediations for other, less-risky ones.

Id., ¶138; see also id., ¶140 (system may filter out lower-risk vulnerabilities); supra, §XI.B (Basavapatna summary). At a minimum, reducing the priority of matching installed applications that are not in use would have been obvious in view of Basavapatna’s teachings since it was well known that vulnerabilities associated with applications that are not in use tend to present lower risk and are therefore a lower priority. EX1063 (Hibbert), ¶80 (if “the offending application is not used,” it presents “a lower risk”); EX1078 (Hufsmith), ¶140 (“Vulnerabilities associated with dormant code may be down-weighted in some cases.”).

218. It is therefore my opinion that claim 8 was obvious.

8. Claim 9

219. Claim 9 depends from independent claim 1, and its preamble recites “wherein analyzing the snapshot of the at least one virtual disk of the respective protected virtual cloud asset further includes….” The claim then recites additional limitations that are taught by Veselov, as I explain below.

a. Elements 9.1

220. This element recites “parsing the snapshot of the at least one virtual disk.” As I explain below, Veselov teaches this element.

221. Veselov teaches such parsing in several ways. For example, Veselov explains that “[p]rocessing the snapshot data 146 may require applying one or more rules, instructions, and/or transformations to the snapshot data 146.” EX1007 (Veselov), 8:21-23 (emphasis added). Veselov also describes formatting the snapshot data with tags identifying the target resource. Id., 9:32-37 (“Additionally or alternatively, the scanning system may specify parameters related to the format

includes determining the particular asset’s criticality “based on other assets in the cloud computing environment that are accessible from the particular protected virtual cloud asset” (supra, §XIV.E) “and based on the contents stored from the particular protected virtual cloud asset” (supra, §XIV.D).

326. It is therefore my opinion that claim 26 was obvious.

XV. CONCLUDING STATEMENTS

327. In signing this declaration, I understand that the declaration will be filed as evidence in a contested case before the Patent Trial and Appeal Board of the United States Patent and Trademark Office. I acknowledge that I may be subject to cross-examination in this case and that cross-examination will take place within the United States. If cross-examination is required of me, I will appear for cross-examination within the United States during the time allotted for cross-examination.

328. I declare that all statements made herein of my knowledge are true, and that all statements made on information and belief are believed to be true, and that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code.

Dated: 08/07/2024

By: /Angelos Stavrou/
Angelos Stavrou, Ph.D.

Joint Appendix
Exhibit 38