Parent page of this data file: https://divinity-in-action.com/articles/pegasusspyware/macbooks/ Spyware Found on Irina Bright’s MacBooks, Which May Be Related to Pegasus Spyware. File name: WindowServer_2018-02-28-212733_Irinas-MacBook-Pro.wakeups_resource.diag Downloaded from: McBook > Library_Logs_DiagnosticReports. Date/Time: 2018-02-28 21:22:40.456255 +0000 OS Version: Mac OS X 10.13.3 (Build 17D102) Architecture: x86_64 Report Version: 19 Command: WindowServer Path: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer Version: ??? (???) Parent: launchd [1] PID: 170 Event: wakeups Wakeups: 45001 wakeups over the last 286 seconds (158 wakeups per second average), exceeding limit of 150 wakeups per second over 300 seconds Action taken: none Duration: 285.65s Steps: 109 Hardware model: MacBookPro9,2 Active cpus: 4 Fan speed: 2017 rpm Powerstats for: WindowServer [170] UUID: BD323A05-A87E-3D6E-846C-32A16D2E5CB3 Start time: 2018-02-28 21:22:43 +0000 End time: 2018-02-28 21:27:25 +0000 Parent: launchd Microstackshots: 81 samples (74%) Primary state: 32 samples Non-Frontmost App, User mode, Effective Thread QoS Unspecified, Requested Thread QoS Unspecified, Override Thread QoS Unspecified User Activity: 81 samples Idle, 0 samples Active Power Source: 0 samples on Battery, 81 samples on AC 37 ??? (WindowServer + 3550) [0x10d640dde] 37 SLXServer + 832 (SkyLight) [0x7fff61edb2b9] 29 CGXRunOneServicesPass + 247 (SkyLight) [0x7fff61eda6fe] 29 run_timer_pass + 495 (SkyLight) [0x7fff61eaace4] 29 update_display_callback(void*, double) + 257 (SkyLight) [0x7fff61e63f86] 29 CGXUpdateDisplay + 5711 (SkyLight) [0x7fff61e65808] 29 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 554 (SkyLight) [0x7fff61e689c5] 7 CGXBeginSurfaceLayerUpdate + 7388 (SkyLight) [0x7fff61dcde99] 3 invalidate_window_surface_region + 189 (SkyLight) [0x7fff61dc86d0] 2 reschedule_callback_on_session + 94 (SkyLight) [0x7fff61eaa505] 2 malloc + 24 (libsystem_malloc.dylib) [0x7fff67f0150b] 2 malloc_zone_malloc + 103 (libsystem_malloc.dylib) [0x7fff67f02201] 2 szone_malloc_should_clear + 225 (libsystem_malloc.dylib) [0x7fff67f0233e] 1 reschedule_callback_on_session + 275 (SkyLight) [0x7fff61eaa5ba] 2 invalidate_window_surface_region + 197 (SkyLight) [0x7fff61dc86d8] 2 _CFRelease + 193 (CoreFoundation) [0x7fff4047ec61] 1 invalidate_window_surface_region + 140 (SkyLight) [0x7fff61dc869f] 1 region_create_with_shape + 37 (CoreGraphics) [0x7fff407c504a] 1 CGTypeCreateInstance + 46 (CoreGraphics) [0x7fff407c4083] 1 _CFRuntimeCreateInstance + 186 (CoreFoundation) [0x7fff4032a14a] 1 invalidate_window_surface_region + 166 (SkyLight) [0x7fff61dc86b9] 1 CGRegionRelease + 29 (CoreGraphics) [0x7fff407d0de9] 3 CGXBeginSurfaceLayerUpdate + 2075 (SkyLight) [0x7fff61dcc9d8] 3 CARenderUpdateAddContext2 + 48 (QuartzCore) [0x7fff4b5e836c] 2 CA::Render::Update::add_context(CA::Render::Context*, CA::Render::Layer*, CA::Transform const*) + 1588 (QuartzCore) [0x7fff4b51bbde] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 1191 (QuartzCore) [0x7fff4b5e428a] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 7228 (QuartzCore) [0x7fff4b5e5a1f] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 7228 (QuartzCore) [0x7fff4b5e5a1f] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 7228 (QuartzCore) [0x7fff4b5e5a1f] 1 CA::Render::Updater::prepare_layer(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState&, CA::Render::LayerNode*, CA::Render::Updater::LayerShapes&, unsigned long long*) + 10276 (QuartzCore) [0x7fff4b5e6607] 1 CA::Render::Update::add_context(CA::Render::Context*, CA::Render::Layer*, CA::Transform const*) + 1439 (QuartzCore) [0x7fff4b51bb49] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 9716 (QuartzCore) [0x7fff4b5e2d83] 1 CA::Render::Updater::prepare_sublayer0(CA::Render::Updater::GlobalState&, CA::Render::Updater::LocalState0&, CA::Render::Layer*) + 123 (QuartzCore) [0x7fff4b5e05cd] 1 CA::Render::Updater::prepare_layer0(CA::Render::Updater::GlobalState&, CA::Render::LayerNode*, CA::Render::Layer*, CA::Render::Updater::LocalState0&, unsigned long long) + 6286 (QuartzCore) [0x7fff4b5e201d] 1 2 CGXBeginSurfaceLayerUpdate + 2008 (SkyLight) [0x7fff61dcc995] 2 CARenderUpdateBegin2 + 224 (QuartzCore) [0x7fff4b5e82a0] 2 CA::Render::Update::Update(void*, unsigned long, double, CVTimeStamp const*, unsigned int, unsigned int, CA::Bounds const&, unsigned int) + 466 (QuartzCore) [0x7fff4b51b48e] 2 CGXBeginSurfaceLayerUpdate + 1670 (SkyLight) [0x7fff61dcc843] 1 WSGetCompositorMetal + 1122 (SkyLight) [0x7fff61d842f1] 1 WSGetCompositorForDisplayDevice + 132 (SkyLight) [0x7fff61d83d26] 1 CGXGLDisplayDeviceAccelerator + 15 (SkyLight) [0x7fff61e3ec4d] 2 CGXBeginSurfaceLayerUpdate + 1123 (SkyLight) [0x7fff61dcc620] 2 surface_get_dominant_display + 52 (SkyLight) [0x7fff61dce0cf] 2 CGXMainDisplayDevice + 173 (CoreDisplay) [0x7fff402f1093] 2 CGXBeginSurfaceLayerUpdate + 657 (SkyLight) [0x7fff61dcc44e] 2 CGXBeginSurfaceLayerUpdate + 803 (SkyLight) [0x7fff61dcc4e0] 2 CGXBeginSurfaceLayerUpdate + 971 (SkyLight) [0x7fff61dcc588] 2 CGColorSpaceRetain + 22 (CoreGraphics) [0x7fff407c5bca] 2 cs_retain_count + 1 (CoreGraphics) [0x7fff40bebc6d] 2 CGXBeginSurfaceLayerUpdate + 346 (SkyLight) [0x7fff61dcc317] 1 CGXGetDisplaysWithRect + 157 (CoreDisplay) [0x7fff402f291b] 1 CGRectIntersectsRect + 157 (CoreGraphics) [0x7fff407c5c71] 1 CGXGetDisplaysWithRect + 37 (CoreDisplay) [0x7fff402f28a3] 1 CGXSenderCanSynthesizeEvents + 159 (SkyLight) [0x7fff61ebcb29] 1 CGSRegionsEqual + 34 (CoreGraphics) [0x7fff407d3056] 1 CGXBeginSurfaceLayerUpdate + 927 (SkyLight) [0x7fff61dcc55c] 1 WSCALayerBackingSetDevice + 24 (SkyLight) [0x7fff61e40527] 1 CGXGLDisplayDeviceAccelerator + 15 (SkyLight) [0x7fff61e3ec4d] 1 CGXBeginSurfaceLayerUpdate + 247 (SkyLight) [0x7fff61dcc2b4] 1 CGXOnlineDisplayDevices + 41 (CoreDisplay) [0x7fff402eda77] 1 CGXBeginSurfaceLayerUpdate + 497 (SkyLight) [0x7fff61dcc3ae] 1 CGRectEqualToRect + 520 (CoreGraphics) [0x7fff407c7f12] 1 CGXBeginSurfaceLayerUpdate + 292 (SkyLight) [0x7fff61dcc2e1] 1 CGRegionGetBoundingBox + 36 (CoreGraphics) [0x7fff407d09c7] 1 assert_check_region + 20 (CoreGraphics) [0x7fff407d070c] 7 CGXRunOneServicesPass + 460 (SkyLight) [0x7fff61eda7d3] 7 run_one_server_pass + 337 (SkyLight) [0x7fff61eda999] 5 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff67ea07c2] 5 2 mach_msg + 62 (libsystem_kernel.dylib) [0x7fff67e9fcde] 1 CGXRunOneServicesPass + 257 (SkyLight) [0x7fff61eda708] 1 CGXRunOneEventPass + 32 (SkyLight) [0x7fff61eb7459] 22 18 2 _pthread_wqthread + 980 (libsystem_pthread.dylib) [0x7fff67fe5033] 2 _dispatch_workloop_worker_thread + 880 (libdispatch.dylib) [0x7fff67d39d16] 2 _dispatch_root_queue_drain_deferred_wlh + 332 (libdispatch.dylib) [0x7fff67d35f02] 2 _dispatch_queue_invoke + 373 (libdispatch.dylib) [0x7fff67d280fd] 2 _dispatch_queue_serial_drain + 222 (libdispatch.dylib) [0x7fff67d3506f] 1 _dispatch_source_invoke + 435 (libdispatch.dylib) [0x7fff67d22f5f] 1 1 _dispatch_source_invoke + 620 (libdispatch.dylib) [0x7fff67d23018] 1 _dispatch_continuation_pop + 472 (libdispatch.dylib) [0x7fff67d33e76] 1 _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff67d20d50] 1 dispatch_mig_server + 648 (libdispatch.dylib) [0x7fff67d2d04d] 1 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff67ea07c2] 1 1 _pthread_start + 377 (libsystem_pthread.dylib) [0x7fff67fe556d] 1 _pthread_body + 340 (libsystem_pthread.dylib) [0x7fff67fe56c1] 1 _dispatch_worker_thread + 175 (libdispatch.dylib) [0x7fff67d23d9e] 1 _dispatch_root_queue_drain + 515 (libdispatch.dylib) [0x7fff67d22941] 1 _dispatch_queue_invoke + 373 (libdispatch.dylib) [0x7fff67d280fd] 1 _dispatch_queue_serial_drain + 222 (libdispatch.dylib) [0x7fff67d3506f] 1 _dispatch_source_invoke + 620 (libdispatch.dylib) [0x7fff67d23018] 1 _dispatch_continuation_pop + 472 (libdispatch.dylib) [0x7fff67d33e76] 1 _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff67d20d50] 1 -[_MTLCommandQueue _submitAvailableCommandBuffers] + 891 (Metal) [0x7fff449a90b9] 1 -[MTLIOAccelCommandQueue submitCommandBuffers:count:] + 678 (Metal) [0x7fff4497caa9] 1 IOAccelCommandQueueSubmitCommandBuffers + 136 (IOAccelerator) [0x7fff5a39d51e] 1 IOConnectCallMethod + 186 (IOKit) [0x7fff42b51fc4] 1 io_connect_method + 369 (IOKit) [0x7fff42b52197] 1 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff67ea07c2] 1 Binary Images: 0x10d640000 - 0x10d640fff WindowServer (312.23.4) /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer 0x7fff4025a000 - 0x7fff40326fff com.apple.CoreDisplay 1.0 (81.7) /System/Library/Frameworks/CoreDisplay.framework/Versions/A/CoreDisplay 0x7fff40327000 - 0x7fff407c0fff com.apple.CoreFoundation 6.9 (1451) <739D6558-3DF3-3181-AA07-BBE3882D3B7F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x7fff407c2000 - 0x7fff40dedff7 com.apple.CoreGraphics 2.0 (1129.5) /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x7fff42b4e000 - 0x7fff42be9fff com.apple.framework.IOKit 2.0.2 <9CFA07B9-BA6E-31E4-AD4F-C47071A8C522> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x7fff44950000 - 0x7fff449cffff com.apple.Metal 124.7 (124.7) /System/Library/Frameworks/Metal.framework/Versions/A/Metal 0x7fff4b4e5000 - 0x7fff4b72dfff com.apple.QuartzCore 1.11 (584.8.102) <4479AF33-E6EA-3037-A2C1-3C6F12B1260A> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x7fff5a399000 - 0x7fff5a3a0ffb com.apple.IOAccelerator 376.6 (376.6) /System/Library/PrivateFrameworks/IOAccelerator.framework/Versions/A/IOAccelerator 0x7fff61c90000 - 0x7fff61f2afff com.apple.SkyLight 1.600.0 <455CE6F6-CD58-3E08-8300-CA8BDD3377FC> /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight 0x7fff67d1f000 - 0x7fff67d58ff7 libdispatch.dylib (913.30.4) <7D0E3183-282B-3FEE-A734-2C0ADC092084> /usr/lib/system/libdispatch.dylib 0x7fff67e8e000 - 0x7fff67eb3ff7 libsystem_kernel.dylib (4570.41.2) <5155A4C3-825B-3178-AC51-0D2D2F2A6618> /usr/lib/system/libsystem_kernel.dylib 0x7fff67f00000 - 0x7fff67f1ffff libsystem_malloc.dylib (140.40.1) <36B22C99-D772-3039-9A4C-AA31389965E1> /usr/lib/system/libsystem_malloc.dylib 0x7fff67fe2000 - 0x7fff67fedfff libsystem_pthread.dylib (301.30.1) /usr/lib/system/libsystem_pthread.dylib Powerstats for: CiscoVideoGuardM UUID: 26970BC3-D274-3FC8-A666-24BF4BD7531B Start time: 2018-02-28 21:22:46 +0000 End time: 2018-02-28 21:27:15 +0000 Microstackshots: 19 samples (17%) Primary state: 17 samples Non-Frontmost App, Kernel mode, Effective Thread QoS Default, Requested Thread QoS Default, Override Thread QoS Unspecified User Activity: 19 samples Idle, 0 samples Active Power Source: 0 samples on Battery, 19 samples on AC 19 _pthread_start + 357 (libsystem_pthread.dylib) [0xa782c3b2] 19 _pthread_body + 347 (libsystem_pthread.dylib) [0xa782c50d] 19 ??? (CiscoVideoGuardMonitor + 2525622) [0x28b9b6] 18 ??? (CiscoVideoGuardMonitor + 263818) [0x6368a] 18 ??? (CiscoVideoGuardMonitor + 262612) [0x631d4] 18 ??? (CiscoVideoGuardMonitor + 345957) [0x77765] 16 ??? (CiscoVideoGuardMonitor + 346807) [0x77ab7] 16 pthread_cond_timedwait$UNIX2003 + 52 (libsystem_pthread.dylib) [0xa7832535] 16 __psynch_cvwait + 10 (libsystem_kernel.dylib) [0xa76fdd26] 1 ??? (CiscoVideoGuardMonitor + 346815) [0x77abf] 1 1 ??? (CiscoVideoGuardMonitor + 346783) [0x77a9f] 1 ??? (CiscoVideoGuardMonitor + 104383) [0x3c7bf] 1 1 ??? (CiscoVideoGuardMonitor + 166378) [0x4b9ea] 1 ??? (CiscoVideoGuardMonitor + 151656) [0x48068] 1 ??? (CiscoVideoGuardMonitor + 274674) [0x660f2] 1 ??? (CiscoVideoGuardMonitor + 415550) [0x8873e] 1 ??? (CiscoVideoGuardMonitor + 416382) [0x88a7e] 1 kevent + 10 (libsystem_kernel.dylib) [0xa76ff1de] Binary Images: 0x23000 - 0x336ff3 com.cisco.videoguardmonitor 1.0 (1.0) <26970BC3-D274-3FC8-A666-24BF4BD7531B> /Users/USER/Library/Cisco/*/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor 0xa76e1000 - 0xa7704ff7 libsystem_kernel.dylib (4570.41.2) <649BB7E7-6378-3D2C-BBC6-ED2577E551B9> /usr/lib/system/libsystem_kernel.dylib 0xa7829000 - 0xa7833ff3 libsystem_pthread.dylib (301.30.1) <7409C1E5-F3BA-3AB3-ADC1-9DCD356C6C13> /usr/lib/system/libsystem_pthread.dylib