Parent page of this data file: https://divinity-in-action.com/articles/pegasusspyware/macbooks/

Spyware Found on Irina Bright’s MacBooks, Which May Be Related to Pegasus Spyware.


File name: 	system_installd_2018-02-04-104649_Irinas-MacBook-Pro.memory_resource.diag
Downloaded from: 	McBook > Library_Logs_DiagnosticReports.


Date/Time:       2018-02-04 10:36:52.266866 +0000
OS Version:      Mac OS X 10.13.3 (Build 17D47)
Architecture:    x86_64
Report Version:  19

Command:         system_installd
Path:            /System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/Resources/system_installd
Version:         ??? (???)
Bundle Id:       com.apple.system_installd
PID:             498
Coalition ID:    525
Wall Time Alive: 2465
Footprint:       0MB
Limit:           200
Process Flags:   Active

Event:           memory high watermark
Action taken:    none -- this exception is advisory
Duration:        587.16s
Steps:           0

Hardware model:  MacBookPro9,2
Active cpus:     4


Signature:       MALLOC_SMALL
MallocStack Sig: 


Section: footprint --summary

==========================================================================================
system_installd [498] (corpse): 64-bit	Footprint: 201 MB (4096 bytes per page)
==========================================================================================

      Dirty     (Swapped)         Clean   Reclaimable       (Wired)    Regions    Category
        ---           ---           ---           ---           ---        ---    ---
     174 MB        108 KB           0 B           0 B           0 B        113    MALLOC_SMALL
      20 MB           0 B           0 B           0 B           0 B        137    MALLOC_LARGE
    4092 KB        8192 B           0 B           0 B           0 B          5    MALLOC_TINY
    2048 KB           0 B           0 B           0 B           0 B          4    MALLOC_LARGE_REUSED
     472 KB           0 B           0 B           0 B           0 B          1    libdispatch
     304 KB         52 KB       3744 KB           0 B           0 B         16    untagged ("VM_ALLOCATE")
     192 KB         24 KB           0 B        8192 B           0 B          9    stack
      80 KB         24 KB           0 B           0 B           0 B         27    malloc metadata
      12 KB           0 B           0 B           0 B           0 B          1    Activity Tracing
     8192 B           0 B           0 B           0 B           0 B          1    os_alloc_once
     752 KB        220 KB        280 KB         20 KB           0 B        855    Other
        ---           ---           ---           ---           ---        ---    ---
     201 MB        436 KB       4024 KB         28 KB           0 B       1169    TOTAL

Auxiliary data:
	Kernel memory:
		KPRVT: 8192 B
		KSHRD: 0 B
	phys_footprint: 0 B






Powerstats for:  system_installd [498]
UUID:            ED306731-AA89-3406-817B-ADE51C32086E
Start time:      2018-02-04 10:40:06 +0000
End time:        2018-02-04 10:46:39 +0000
Parent:          launchd
Microstackshots: 19 samples
Primary state:   12 samples Non-Frontmost App, User mode, Effective Thread QoS Background, Requested Thread QoS Background, Override Thread QoS Unspecified
User Activity:   0 samples Idle, 19 samples Active
Power Source:    0 samples on Battery, 19 samples on AC
  12 _pthread_wqthread + 1387 (libsystem_pthread.dylib) [0x7fff5978e1ca]
    12 _dispatch_worker_thread3 + 101 (libdispatch.dylib) [0x7fff594cb6ed]
      8  _dispatch_root_queue_drain + 515 (libdispatch.dylib) [0x7fff594cb941]
        8  _dispatch_async_redirect_invoke + 703 (libdispatch.dylib) [0x7fff594d46cb]
          8  _dispatch_continuation_pop + 599 (libdispatch.dylib) [0x7fff594dcef5]
            8  _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff594c9d50]
              8  _dispatch_call_block_and_release + 12 (libdispatch.dylib) [0x7fff594d1591]
                8  ??? (AppleFSCompression + 30737) [0x7fff41805811]
                  8  ??? (AppleFSCompression + 30404) [0x7fff418056c4]
                    8  ??? (AppleFSCompression + 33004) [0x7fff418060ec]
                      8  ??? (AppleFSCompression + 6900) [0x7fff417ffaf4]
                        6  ??? (AppleFSCompression + 7271) [0x7fff417ffc67]
                        2  ??? (AppleFSCompression + 8550) [0x7fff41800166]
      4  _dispatch_root_queue_drain + 902 (libdispatch.dylib) [0x7fff594cbac4]
        4  _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff594c9d50]
          4  _dispatch_call_block_and_release + 12 (libdispatch.dylib) [0x7fff594d1591]
            4  -[PKInstall _installMain:] + 3221 (PackageKit) [0x7fff4e6b6b13]
              4  -[PKInstallOperationController run] + 238 (PackageKit) [0x7fff4e6f3a71]
                4  -[PKInstallOperation start] + 106 (PackageKit) [0x7fff4e6f4d83]
                  4  -[__NSOperationInternal _start:] + 778 (Foundation) [0x7fff33c5b5de]
                    4  -[PKExtractInstallOperation main] + 796 (PackageKit) [0x7fff4e6f6dc5]
                      4  -[PKExtractInstallOperation _extractPayloadForPackageSpecifier:error:] + 198 (PackageKit) [0x7fff4e6f605d]
                        4  -[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:] + 139 (PackageKit) [0x7fff4e6c592e]
                          4  -[PKXARArchive _fileOffsetForPath:error:] + 112 (PackageKit) [0x7fff4e6b4094]
                            4  -[PKXARArchive _xarFileIsValid:] + 94 (PackageKit) [0x7fff4e6b3411]
                              4  xar_data_verify + 149 (libxar.1.dylib) [0x7fff591cd173]
                                4  xar_attrcopy_from_heap + 418 (libxar.1.dylib) [0x7fff591cf914]
                                  4  xar_hash_toheap_out + 213 (libxar.1.dylib) [0x7fff591ceb5a]
                                    4  CCDigestUpdate + 47 (libcommonCrypto.dylib) [0x7fff593a2ef4]
                                      4  ccdigest_update + 278 (libcorecrypto.dylib) [0x7fff593d102b]
                                        2  ccsha1_vng_intel_compress_AVX1 + 1644 (libcorecrypto.dylib) [0x7fff593f790c]
                                        2  ccsha1_vng_intel_compress_AVX1 + 1663 (libcorecrypto.dylib) [0x7fff593f791f]
  3  <Kernel mode, Requested Thread QoS User Initiated>
  3  _pthread_wqthread + 1016 (libsystem_pthread.dylib) [0x7fff5978e057]
    2  _dispatch_kevent_worker_thread + 877 (libdispatch.dylib) [0x7fff594e2924]
      1  _dispatch_timers_run + 43 (libdispatch.dylib) [0x7fff594d55a3]
        1  clock_gettime_nsec_np + 52 (libsystem_c.dylib) [0x7fff595538c4]
          1  gettimeofday + 45 (libsystem_c.dylib) [0x7fff5956287e]
            1  __commpage_gettimeofday_internal + 38 (libsystem_kernel.dylib) [0x7fff596499f9]
              1  <Requested Thread QoS User Initiated>
      1  _dispatch_timers_run + 202 (libdispatch.dylib) [0x7fff594d5642]
        1  <Requested Thread QoS User Initiated>
    1  _dispatch_kevent_worker_thread + 468 (libdispatch.dylib) [0x7fff594e278b]
      1  _dispatch_mgr_queue_drain + 122 (libdispatch.dylib) [0x7fff594ccf66]
        1  _dispatch_queue_serial_drain + 222 (libdispatch.dylib) [0x7fff594de06f]
          1  _dispatch_source_invoke + 620 (libdispatch.dylib) [0x7fff594cc018]
            1  _dispatch_continuation_pop + 472 (libdispatch.dylib) [0x7fff594dce76]
              1  _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff594c9d50]
                1  malloc_memory_event_handler + 31 (libsystem_malloc.dylib) [0x7fff596bbdc2]
                  1  malloc_zone_pressure_relief + 172 (libsystem_malloc.dylib) [0x7fff596bc130]
                    1  szone_pressure_relief + 1552 (libsystem_malloc.dylib) [0x7fff596b8436]
                      1  small_finalize_region + 99 (libsystem_malloc.dylib) [0x7fff596b0a7e]
                        1  <Kernel mode, Requested Thread QoS User Initiated>
  1  _pthread_wqthread + 980 (libsystem_pthread.dylib) [0x7fff5978e033]
    1  _dispatch_workloop_worker_thread + 880 (libdispatch.dylib) [0x7fff594e2d16]
      1  _dispatch_root_queue_drain_deferred_wlh + 332 (libdispatch.dylib) [0x7fff594def02]
        1  _dispatch_queue_invoke + 373 (libdispatch.dylib) [0x7fff594d10fd]
          1  _dispatch_queue_serial_drain + 635 (libdispatch.dylib) [0x7fff594de20c]
            1  _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff594c9d50]
              1  _dispatch_call_block_and_release + 12 (libdispatch.dylib) [0x7fff594d1591]
                1  __47-[PKInstallDaemon installStatusForToken:reply:]_block_invoke + 190 (PackageKit) [0x7fff4e6ac378]
                  1  _dispatch_queue_barrier_sync_invoke_and_complete + 60 (libdispatch.dylib) [0x7fff594dd1d6]
                    1  _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff594c9d50]
                      1  __47-[PKInstallDaemon installStatusForToken:reply:]_block_invoke.120 + 72 (PackageKit) [0x7fff4e6ac605]
                        1  objc_object::rootAutorelease2() + 33 (libobjc.A.dylib) [0x7fff5890d631]
                          1  (anonymous namespace)::AutoreleasePoolPage::autoreleaseNoPage(objc_object*) + 127 (libobjc.A.dylib) [0x7fff5890bbc9]
                            1  malloc_zone_memalign + 154 (libsystem_malloc.dylib) [0x7fff596ae8d9]
                              1  szone_memalign + 702 (libsystem_malloc.dylib) [0x7fff596aebdf]
                                1  szone_malloc_should_clear + 1600 (libsystem_malloc.dylib) [0x7fff596ab89d]
                                  1  small_free_list_add_ptr + 631 (libsystem_malloc.dylib) [0x7fff596ad4f5]
                                    1  <Kernel mode, Requested Thread QoS Default>

  Binary Images:
         0x10ca35000 -        0x10ca36ff3  system_installd (727.1) <ED306731-AA89-3406-817B-ADE51C32086E> /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
      0x7fff33c21000 -     0x7fff33fe6fff  com.apple.Foundation 6.9 (1451) <B99F94E7-117E-39CC-A65D-B7AEA8998481> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
      0x7fff417fe000 -     0x7fff4180dff7  com.apple.AppleFSCompression 96.30.2 (1.0) <CFA90544-68EB-3CCE-A8F7-1B03974F3B85> /System/Library/PrivateFrameworks/AppleFSCompression.framework/Versions/A/AppleFSCompression
      0x7fff4e697000 -     0x7fff4e7b6fe7  com.apple.PackageKit 3.0 (727.1) <CA2E7C6D-4640-3FB0-9159-B067B9806105> /System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/PackageKit
      0x7fff58902000 -     0x7fff58cf33b7  libobjc.A.dylib (723) <37A7D77E-952C-3F5D-970B-3CDE349B2322> /usr/lib/libobjc.A.dylib
      0x7fff591c8000 -     0x7fff591d5fff  libxar.1.dylib (400) <0316128D-3B47-3052-995D-97B4FE5491DC> /usr/lib/libxar.1.dylib
      0x7fff5939f000 -     0x7fff593a9ff3  libcommonCrypto.dylib (60118.30.2) <674286D3-7744-36A3-9AAA-49DFCD97A986> /usr/lib/system/libcommonCrypto.dylib
      0x7fff593bb000 -     0x7fff59440fff  libcorecrypto.dylib (562.30.10) <8A53EFE1-AFCA-3676-BEE1-FA5ED9F0E222> /usr/lib/system/libcorecrypto.dylib
      0x7fff594c8000 -     0x7fff59501ff7  libdispatch.dylib (913.30.4) <7D0E3183-282B-3FEE-A734-2C0ADC092084> /usr/lib/system/libdispatch.dylib
      0x7fff59552000 -     0x7fff595dbff7  libsystem_c.dylib (1244.30.3) <E0136C71-0648-36F0-9F84-82EA2748A8D7> /usr/lib/system/libsystem_c.dylib
      0x7fff59637000 -     0x7fff5965cff7  libsystem_kernel.dylib (4570.41.2) <5155A4C3-825B-3178-AC51-0D2D2F2A6618> /usr/lib/system/libsystem_kernel.dylib
      0x7fff596a9000 -     0x7fff596c8fff  libsystem_malloc.dylib (140.40.1) <36B22C99-D772-3039-9A4C-AA31389965E1> /usr/lib/system/libsystem_malloc.dylib
      0x7fff5978b000 -     0x7fff59796fff  libsystem_pthread.dylib (301.30.1) <ABA848E1-6978-3B42-A3A7-608B2C36FA93> /usr/lib/system/libsystem_pthread.dylib