Parent page of this data file: https://divinity-in-action.com/articles/pegasusspyware/macbooks/ Spyware Found on Irina Bright’s MacBooks, Which May Be Related to Pegasus Spyware.

File name: WindowServer_2018-02-28-095608_Irinas-MacBook-Pro.wakeups_resource.diag
Downloaded from: McBook > Library_Logs_DiagnosticReports.

Date/Time: 2018-02-28 09:51:20.393480 +0000
OS Version: Mac OS X 10.13.3 (Build 17D102)
Architecture: x86_64
Report Version: 19

Command: WindowServer
Path: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer
Version: ??? (???)
Parent: launchd [1]
PID: 167

Event: wakeups
Wakeups: 45001 wakeups over the last 282 seconds (159 wakeups per second average), exceeding limit of 150 wakeups per second over 300 seconds
Action taken: none
Duration: 282.20s
Steps: 121

Hardware model: MacBookPro9,2
Active cpus: 4

Fan speed: 1995 rpm

Powerstats for: WindowServer [167]
UUID: BD323A05-A87E-3D6E-846C-32A16D2E5CB3
Start time: 2018-02-28 09:51:26 +0000
End time: 2018-02-28 09:56:01 +0000
Parent: launchd
Microstackshots: 100 samples (82%)
Primary state: 39 samples Non-Frontmost App, User mode, Effective Thread QoS Unspecified, Requested Thread QoS Unspecified, Override Thread QoS Unspecified
User Activity: 100 samples Idle, 0 samples Active
Power Source: 0 samples on Battery, 100 samples on AC

45 ???
(WindowServer + 3550) [0x106482dde] 45 SLXServer + 832 (SkyLight) [0x7fff5caf22b9] 40 CGXRunOneServicesPass + 247 (SkyLight) [0x7fff5caf16fe] 40 run_timer_pass + 495 (SkyLight) [0x7fff5cac1ce4] 40 update_display_callback(void*, double) + 257 (SkyLight) [0x7fff5ca7af86] 40 CGXUpdateDisplay + 5711 (SkyLight) [0x7fff5ca7c808] 36 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 554 (SkyLight) [0x7fff5ca7f9c5] 6 CGXBeginSurfaceLayerUpdate + 497 (SkyLight) [0x7fff5c9e33ae] 2 CGRectEqualToRect + 135 (CoreGraphics) [0x7fff3b3ded91] 2 CGRectEqualToRect + 113 (CoreGraphics) [0x7fff3b3ded7b] 2 CGRectEqualToRect + 345 (CoreGraphics) [0x7fff3b3dee63] 4 CGXBeginSurfaceLayerUpdate + 7388 (SkyLight) [0x7fff5c9e4e99] 2 invalidate_window_surface_region + 189 (SkyLight) [0x7fff5c9df6d0] 2 reschedule_callback_on_session + 387 (SkyLight) [0x7fff5cac162a] 2 szone_size + 258 (libsystem_malloc.dylib) [0x7fff62b1a96b] 1 invalidate_window_surface_region + 166 (SkyLight) [0x7fff5c9df6b9] 1 default_zone_free + 1 (libsystem_malloc.dylib) [0x7fff62b2931b] 1 invalidate_window_surface_region + 175 (SkyLight) [0x7fff5c9df6c2] 1 CGRegionRelease + 22 (CoreGraphics) [0x7fff3b3e7de2] 1 assert_check_region + 30 (CoreGraphics) [0x7fff3b3e7716] 1 CFGetTypeID + 52 (CoreFoundation) [0x7fff3af693b4] 4 CGXBeginSurfaceLayerUpdate + 346 (SkyLight) [0x7fff5c9e3317] 2 CGXGetDisplaysWithRect + 157 (CoreDisplay) [0x7fff3af0991b] 1 CGRectIntersectsRect + 61 (CoreGraphics) [0x7fff3b3dcc11] 1 CGRectIntersectsRect + 473 (CoreGraphics) [0x7fff3b3dcdad] 2 CGXGetDisplaysWithRect + 37 (CoreDisplay) [0x7fff3af098a3] 2 ??? 
(CoreDisplay + 617788) [0x7fff3af07d3c] 2 CGXGetCurrentSessionScoreboardDisplaySet + 41 (SkyLight) [0x7fff5cad3b52] 3 CGXBeginSurfaceLayerUpdate + 292 (SkyLight) [0x7fff5c9e32e1] 3 CGRegionGetBoundingBox + 36 (CoreGraphics) [0x7fff3b3e79c7] 2 assert_check_region + 20 (CoreGraphics) [0x7fff3b3e770c] 1 assert_check_shape + 15 (CoreGraphics) [0x7fff3b3e72ea] 2 CGXBeginSurfaceLayerUpdate + 88 (SkyLight) [0x7fff5c9e3215] 2 CGXBeginSurfaceLayerUpdate + 803 (SkyLight) [0x7fff5c9e34e0] 2 CGXBeginSurfaceLayerUpdate + 1270 (SkyLight) [0x7fff5c9e36b3] 1 CA::Render::Context::context_by_id(unsigned int) + 59 (QuartzCore) [0x7fff4612ae29] 1 x_hash_table_lookup + 6 (QuartzCore) [0x7fff460fff15] 1 os_unfair_lock_lock + 8 (libsystem_platform.dylib) [0x7fff62bf561e] 2 WSCALayerBacking::GetAccelerator() + 59 (SkyLight) [0x7fff5ca5750f] 2 CGXBeginSurfaceLayerUpdate + 1336 (SkyLight) [0x7fff5c9e36f5] 2 _pthread_mutex_lock_slow + 262 (libsystem_pthread.dylib) [0x7fff62bfa55a] 1 CGXBeginSurfaceLayerUpdate + 7035 (SkyLight) [0x7fff5c9e4d38] 1 _CFRelease + 300 (CoreFoundation) [0x7fff3b095ccc] 1 assert_check_shape + 118 (CoreGraphics) [0x7fff3b3e7351] 1 CGXBeginSurfaceLayerUpdate + 247 (SkyLight) [0x7fff5c9e32b4] 1 CGXOnlineDisplayDevices + 34 (CoreDisplay) [0x7fff3af04a70] 1 CGXBeginSurfaceLayerUpdate + 657 (SkyLight) [0x7fff5c9e344e] 1 CGXBeginSurfaceLayerUpdate + 7776 (SkyLight) [0x7fff5c9e501d] 1 CGXBeginSurfaceLayerUpdate + 2008 (SkyLight) [0x7fff5c9e3995] 1 operator new(unsigned long) + 1 (libc++abi.dylib) [0x7fff609fb601] 1 CGXBeginSurfaceLayerUpdate + 902 (SkyLight) [0x7fff5c9e3543] 1 kdebug_trace + 14 (libsystem_kernel.dylib) [0x7fff62abca6b] 1 CGXBeginSurfaceLayerUpdate + 7810 (SkyLight) [0x7fff5c9e503f] 1 CGXBeginSurfaceLayerUpdate + 927 (SkyLight) [0x7fff5c9e355c] 1 WSCALayerBackingSetDevice + 39 (SkyLight) [0x7fff5ca57536] 1 CGXGLDisplayDeviceAccelerator + 4 (SkyLight) [0x7fff5ca55c42] 1 CGXBeginSurfaceLayerUpdate + 2075 (SkyLight) [0x7fff5c9e39d8] 1 CARenderUpdateAddContext2 
+ 48 (QuartzCore) [0x7fff461ff36c] 1 CA::Render::Update::add_context(CA::Render::Context*, CA::Render::Layer*, CA::Transform const*) + 1588 (QuartzCore) [0x7fff46132bde] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 7228 (QuartzCore) [0x7fff461fca1f] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 7228 (QuartzCore) [0x7fff461fca1f] 1 CA::Render::Updater::LayerShapes::union_bounds(CA::Rect const&, bool) + 51 (QuartzCore) [0x7fff461fade3] 1 3 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 579 (SkyLight) [0x7fff5ca7f9de] 2 malloc + 24 (libsystem_malloc.dylib) [0x7fff62b1850b] 2 malloc_zone_malloc + 103 (libsystem_malloc.dylib) [0x7fff62b19201] 2 szone_malloc_should_clear + 1288 (libsystem_malloc.dylib) [0x7fff62b19765] 1 malloc_zone_malloc + 1 (libsystem_malloc.dylib) [0x7fff62b1919b] 1 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 594 (SkyLight) [0x7fff5ca7f9ed] 5 CGXRunOneServicesPass + 460 (SkyLight) [0x7fff5caf17d3] 5 run_one_server_pass + 337 (SkyLight) [0x7fff5caf1999] 5 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff62ab77c2] 5 27 24 2 _pthread_wqthread + 980 (libsystem_pthread.dylib) [0x7fff62bfc033] 2 _dispatch_workloop_worker_thread + 880 (libdispatch.dylib) [0x7fff62950d16] 2 _dispatch_root_queue_drain_deferred_wlh + 332 (libdispatch.dylib) [0x7fff6294cf02] 2 _dispatch_queue_invoke + 373 (libdispatch.dylib) [0x7fff6293f0fd] 2 _dispatch_queue_serial_drain + 222 (libdispatch.dylib) [0x7fff6294c06f] 2 _dispatch_source_invoke + 620 (libdispatch.dylib) [0x7fff6293a018] 1 _dispatch_continuation_pop + 59 (libdispatch.dylib) [0x7fff6294acd9] 1 1 _dispatch_client_callout + 1 (libdispatch.dylib) [0x7fff62937d49] 
1 2 _pthread_start + 377 (libsystem_pthread.dylib) [0x7fff62bfc56d] 2 _pthread_body + 340 (libsystem_pthread.dylib) [0x7fff62bfc6c1] 2 _dispatch_worker_thread + 175 (libdispatch.dylib) [0x7fff6293ad9e] 2 _dispatch_root_queue_drain + 283 (libdispatch.dylib) [0x7fff62939859] 2

Binary Images:
0x106482000 - 0x106482fff WindowServer (312.23.4) /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer
0x7fff3ae71000 - 0x7fff3af3dfff com.apple.CoreDisplay 1.0 (81.7) /System/Library/Frameworks/CoreDisplay.framework/Versions/A/CoreDisplay
0x7fff3af3e000 - 0x7fff3b3d7fff com.apple.CoreFoundation 6.9 (1451) <739D6558-3DF3-3181-AA07-BBE3882D3B7F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x7fff3b3d9000 - 0x7fff3ba04ff7 com.apple.CoreGraphics 2.0 (1129.5) /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x7fff460fc000 - 0x7fff46344fff com.apple.QuartzCore 1.11 (584.8.102) <4479AF33-E6EA-3037-A2C1-3C6F12B1260A> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x7fff5c8a7000 - 0x7fff5cb41fff com.apple.SkyLight 1.600.0 <455CE6F6-CD58-3E08-8300-CA8BDD3377FC> /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight
0x7fff609fa000 - 0x7fff60a1eff7 libc++abi.dylib (400.7) <217656D5-BC40-37FF-B322-91CB2AAD4F34> /usr/lib/libc++abi.dylib
0x7fff62936000 - 0x7fff6296fff7 libdispatch.dylib (913.30.4) <7D0E3183-282B-3FEE-A734-2C0ADC092084> /usr/lib/system/libdispatch.dylib
0x7fff62aa5000 - 0x7fff62acaff7 libsystem_kernel.dylib (4570.41.2) <5155A4C3-825B-3178-AC51-0D2D2F2A6618> /usr/lib/system/libsystem_kernel.dylib
0x7fff62b17000 - 0x7fff62b36fff libsystem_malloc.dylib (140.40.1) <36B22C99-D772-3039-9A4C-AA31389965E1> /usr/lib/system/libsystem_malloc.dylib
0x7fff62bf1000 - 0x7fff62bf8ff7 libsystem_platform.dylib (161.20.1) /usr/lib/system/libsystem_platform.dylib
0x7fff62bf9000 - 0x7fff62c04fff libsystem_pthread.dylib (301.30.1) /usr/lib/system/libsystem_pthread.dylib

Powerstats for: CiscoVideoGuardM
UUID: 26970BC3-D274-3FC8-A666-24BF4BD7531B
Start time: 2018-02-28 09:51:47 +0000
End time: 2018-02-28 09:55:53 +0000
Microstackshots: 19 samples (15%)
Primary state: 18 samples Non-Frontmost App, Kernel mode, Effective Thread QoS Default, Requested Thread QoS Default, Override Thread QoS Unspecified
User Activity: 19 samples Idle, 0 samples Active
Power Source: 0 samples on Battery, 19 samples on AC

19 _pthread_start + 357 (libsystem_pthread.dylib) [0xa782c3b2] 19 _pthread_body + 347 (libsystem_pthread.dylib) [0xa782c50d] 19 ??? (CiscoVideoGuardMonitor + 2525622) [0x2a19b6] 19 ??? (CiscoVideoGuardMonitor + 263818) [0x7968a] 19 ??? (CiscoVideoGuardMonitor + 262612) [0x791d4] 19 ??? (CiscoVideoGuardMonitor + 345957) [0x8d765] 19 ??? (CiscoVideoGuardMonitor + 346807) [0x8dab7] 19 pthread_cond_timedwait$UNIX2003 + 52 (libsystem_pthread.dylib) [0xa7832535] 18 __psynch_cvwait + 10 (libsystem_kernel.dylib) [0xa76fdd26] 1 __psynch_cvwait + 12 (libsystem_kernel.dylib) [0xa76fdd28] 1

Binary Images:
0x39000 - 0x34cff3 com.cisco.videoguardmonitor 1.0 (1.0) <26970BC3-D274-3FC8-A666-24BF4BD7531B> /Users/USER/Library/Cisco/*/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor
0xa76e1000 - 0xa7704ff7 libsystem_kernel.dylib (4570.41.2) <649BB7E7-6378-3D2C-BBC6-ED2577E551B9> /usr/lib/system/libsystem_kernel.dylib
0xa7829000 - 0xa7833ff3 libsystem_pthread.dylib (301.30.1) <7409C1E5-F3BA-3AB3-ADC1-9DCD356C6C13> /usr/lib/system/libsystem_pthread.dylib