Parent page of this data file: https://divinity-in-action.com/articles/pegasusspyware/macbooks/ Spyware Found on Irina Bright’s MacBooks, Which May Be Related to Pegasus Spyware. File name: WindowServer_2018-03-01-233114_Irinas-MacBook-Pro.wakeups_resource.diag Downloaded from: McBook > Library_Logs_DiagnosticReports. Date/Time: 2018-03-01 23:26:29.997034 +0000 OS Version: Mac OS X 10.13.3 (Build 17D102) Architecture: x86_64 Report Version: 19 Command: WindowServer Path: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer Version: ??? (???) Parent: launchd [1] PID: 168 Event: wakeups Wakeups: 45001 wakeups over the last 282 seconds (160 wakeups per second average), exceeding limit of 150 wakeups per second over 300 seconds Action taken: none Duration: 281.55s Steps: 133 Hardware model: MacBookPro9,2 Active cpus: 4 Fan speed: 2012 rpm Powerstats for: WindowServer [168] UUID: BD323A05-A87E-3D6E-846C-32A16D2E5CB3 Start time: 2018-03-01 23:26:30 +0000 End time: 2018-03-01 23:31:11 +0000 Parent: launchd Microstackshots: 111 samples (83%) Primary state: 58 samples Non-Frontmost App, User mode, Effective Thread QoS Unspecified, Requested Thread QoS Unspecified, Override Thread QoS Unspecified User Activity: 111 samples Idle, 0 samples Active Power Source: 0 samples on Battery, 111 samples on AC 62 ??? (WindowServer + 3550) [0x10550edde] 62 SLXServer + 832 (SkyLight) [0x7fff583d52b9] 58 CGXRunOneServicesPass + 247 (SkyLight) [0x7fff583d46fe] 58 run_timer_pass + 495 (SkyLight) [0x7fff583a4ce4] 58 update_display_callback(void*, double) + 257 (SkyLight) [0x7fff5835df86] 57 CGXUpdateDisplay + 5711 (SkyLight) [0x7fff5835f808] 52 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 554 (SkyLight) [0x7fff583629c5] 32 CGXBeginSurfaceLayerUpdate + 7388 (SkyLight) [0x7fff582c7e99] 21 invalidate_window_surface_region + 189 (SkyLight) [0x7fff582c26d0] 7 reschedule_callback_on_session + 65 (SkyLight) [0x7fff583a44e8] 5 CGSessionControlIsSessionDefunct + 79 (SkyLight) [0x7fff58357736] 2 CFDictionaryContainsValue + 75 (CoreFoundation) [0x7fff3688233b] 2 CFDictionaryContainsValue + 21 (CoreFoundation) [0x7fff36882305] 1 CFDictionaryContainsValue + 119 (CoreFoundation) [0x7fff36882367] 1 DYLD-STUB$$_Block_object_assign + 6 (CoreFoundation) [0x7fff36a0e2f2] 1 _Block_object_assign + 349 (libsystem_blocks.dylib) [0x7fff5e2a2c39] 1 _Block_object_dispose + 1 (libsystem_blocks.dylib) [0x7fff5e2a2c3a] 5 reschedule_callback_on_session + 387 (SkyLight) [0x7fff583a462a] 2 szone_size + 210 (libsystem_malloc.dylib) [0x7fff5e3fd93b] 2 free + 234 (libsystem_malloc.dylib) [0x7fff5e3fd747] 1 free + 33 (libsystem_malloc.dylib) [0x7fff5e3fd67e] 3 _os_nospin_lock_lock + 14 (libsystem_platform.dylib) [0x7fff5e4d88de] 2 tiny_malloc_from_free_list + 1160 (libsystem_malloc.dylib) [0x7fff5e3fd65d] 2 reschedule_callback_on_session + 217 (SkyLight) [0x7fff583a4580] 1 CGXInvalidateDisplayShape + 90 (SkyLight) [0x7fff5836c535] 1 current_update_shape(CGXSessionWindowData*, CGXConnection*) + 130 (SkyLight) [0x7fff5836c071] 1 region_check + 20 (CoreGraphics) [0x7fff36cca83d] 1 _os_nospin_lock_unlock + 12 (libsystem_platform.dylib) [0x7fff5e4d89c2] 3 WSRemoveAllPortDataHandlersForPort + 138 (SkyLight) [0x7fff583d430b] 2 reschedule_callback_on_session + 1 (SkyLight) [0x7fff583a44a8] 2 invalidate_window_surface_region + 197 (SkyLight) [0x7fff582c26d8] 2 _CFRelease + 96 (CoreFoundation) [0x7fff36978c00] 2 WSNewTimerScheduled + 1 (SkyLight) [0x7fff583d430c] 2 CGXPackagesNoteModificationActivityForConnection + 1 (SkyLight) [0x7fff58245933] 5 CGXBeginSurfaceLayerUpdate + 7791 (SkyLight) [0x7fff582c802c] 2 _CFRelease + 666 (CoreFoundation) [0x7fff36978e3a] 1 DYLD-STUB$$object_dispose + 6 (CoreFoundation) [0x7fff36a0ea30] 1 _CFRelease + 1088 (CoreFoundation) [0x7fff36978fe0] 1 free_tiny + 628 (libsystem_malloc.dylib) [0x7fff5e414254] 1 tiny_free_no_lock + 170 (libsystem_malloc.dylib) [0x7fff5e4135c8] 1 _CFRelease + 300 (CoreFoundation) [0x7fff36978ccc] 1 region_finalize + 40 (CoreGraphics) [0x7fff36ccae75] 1 free_tiny + 628 (libsystem_malloc.dylib) [0x7fff5e414254] 1 tiny_free_no_lock + 1450 (libsystem_malloc.dylib) [0x7fff5e413ac8] 1 tiny_free_list_remove_ptr + 206 (libsystem_malloc.dylib) [0x7fff5e3fe70f] 3 CGXBeginSurfaceLayerUpdate + 2075 (SkyLight) [0x7fff582c69d8] 3 CARenderUpdateAddContext2 + 48 (QuartzCore) [0x7fff41ae236c] 2 CA::Render::Update::add_context(CA::Render::Context*, CA::Render::Layer*, CA::Transform const*) + 1256 (QuartzCore) [0x7fff41a15a92] 1 CA::Render::Update::add_context(CA::Render::Context*, CA::Render::Layer*, CA::Transform const*) + 2358 (QuartzCore) [0x7fff41a15ee0] 2 CGXBeginSurfaceLayerUpdate + 88 (SkyLight) [0x7fff582c6215] 2 CGXBeginSurfaceLayerUpdate + 2008 (SkyLight) [0x7fff582c6995] 2 CARenderUpdateBegin2 + 224 (QuartzCore) [0x7fff41ae22a0] 2 CA::Render::Update::Update(void*, unsigned long, double, CVTimeStamp const*, unsigned int, unsigned int, CA::Bounds const&, unsigned int) + 519 (QuartzCore) [0x7fff41a154c3] 1 x_heap_new + 66 (QuartzCore) [0x7fff41b56666] 1 malloc_zone_malloc + 103 (libsystem_malloc.dylib) [0x7fff5e3fc201] 1 szone_malloc_should_clear + 1272 (libsystem_malloc.dylib) [0x7fff5e3fc755] 1 get_malloc_zone + 10 (QuartzCore) [0x7fff41ae3f31] 2 CGXBeginSurfaceLayerUpdate + 7023 (SkyLight) [0x7fff582c7d2c] 2 CGRegionEqualToRegion + 39 (CoreGraphics) [0x7fff36ccd07d] 2 assert_check_region + 22 (CoreGraphics) [0x7fff36cca70e] 1 CGRectIntersection + 671 (CoreGraphics) [0x7fff36cc1d0a] 1 CGXBeginSurfaceLayerUpdate + 2673 (SkyLight) [0x7fff582c6c2e] 1 _CFRelease + 1088 (CoreFoundation) [0x7fff36978fe0] 1 malloc_zone_free + 114 (libsystem_malloc.dylib) [0x7fff5e4000a1] 1 1 CGXBeginSurfaceLayerUpdate + 346 (SkyLight) [0x7fff582c6317] 1 CGXGetDisplaysWithRect + 157 (CoreDisplay) [0x7fff367ec91b] 1 CGRectIntersectsRect + 36 (CoreGraphics) [0x7fff36cbfbf8] 1 CGXBeginSurfaceLayerUpdate + 247 (SkyLight) [0x7fff582c62b4] 1 CGXOnlineDisplayDevices + 5 (CoreDisplay) [0x7fff367e7a53] 1 CGXBeginSurfaceLayerUpdate + 40 (SkyLight) [0x7fff582c61e5] 1 CGXBeginSurfaceLayerUpdate + 6968 (SkyLight) [0x7fff582c7cf5] 1 CGRegionCreateIntersectionWithRegion + 39 (CoreGraphics) [0x7fff36ccb030] 1 assert_check_shape + 21 (CoreGraphics) [0x7fff36cca2f0] 4 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 579 (SkyLight) [0x7fff583629de] 4 malloc + 24 (libsystem_malloc.dylib) [0x7fff5e3fb50b] 4 malloc_zone_malloc + 103 (libsystem_malloc.dylib) [0x7fff5e3fc201] 2 szone_malloc_should_clear + 422 (libsystem_malloc.dylib) [0x7fff5e3fc403] 2 tiny_malloc_from_free_list + 369 (libsystem_malloc.dylib) [0x7fff5e3fd346] 2 szone_malloc_should_clear + 82 (libsystem_malloc.dylib) [0x7fff5e3fc2af] 1 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 610 (SkyLight) [0x7fff583629fd] 1 CGXUpdateDisplay + 725 (SkyLight) [0x7fff5835e48e] 1 finalize_CoreAnimation_update_state(CGXCoreAnimationUpdateState*) + 84 (SkyLight) [0x7fff58367468] 1 x_list_free_b + 31 (SkyLight) [0x7fff5831010f] 1 CGXFinishSurfaceLayerUpdate + 164 (SkyLight) [0x7fff582c8994] 1 WSCALayerBacking::FinishUpdate() + 33 (SkyLight) [0x7fff5833a227] 1 CARenderUpdateFinish + 22 (QuartzCore) [0x7fff41ae2f32] 1 CA::Render::Update::~Update() + 36 (QuartzCore) [0x7fff41a4b43c] 4 CGXRunOneServicesPass + 460 (SkyLight) [0x7fff583d47d3] 4 run_one_server_pass + 337 (SkyLight) [0x7fff583d4999] 4 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff5e39a7c2] 4 23 22 2 _pthread_wqthread + 980 (libsystem_pthread.dylib) [0x7fff5e4df033] 2 _dispatch_workloop_worker_thread + 78 (libdispatch.dylib) [0x7fff5e2339f4] 2 1 _pthread_start + 377 (libsystem_pthread.dylib) [0x7fff5e4df56d] 1 _pthread_body + 340 (libsystem_pthread.dylib) [0x7fff5e4df6c1] 1 _dispatch_worker_thread + 251 (libdispatch.dylib) [0x7fff5e21ddea] 1 _dispatch_semaphore_wait_slow + 58 (libdispatch.dylib) [0x7fff5e2228e6] 1 semaphore_timedwait_trap + 10 (libsystem_kernel.dylib) [0x7fff5e39a816] 1 1 _pthread_wqthread + 1016 (libsystem_pthread.dylib) [0x7fff5e4df057] 1 _dispatch_kevent_worker_thread + 453 (libdispatch.dylib) [0x7fff5e23377c] 1 _dispatch_event_loop_merge + 31 (libdispatch.dylib) [0x7fff5e2387ea] Binary Images: 0x10550e000 - 0x10550efff WindowServer (312.23.4) /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer 0x7fff36754000 - 0x7fff36820fff com.apple.CoreDisplay 1.0 (81.7) /System/Library/Frameworks/CoreDisplay.framework/Versions/A/CoreDisplay 0x7fff36821000 - 0x7fff36cbafff com.apple.CoreFoundation 6.9 (1451) <739D6558-3DF3-3181-AA07-BBE3882D3B7F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x7fff36cbc000 - 0x7fff372e7ff7 com.apple.CoreGraphics 2.0 (1129.5) /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x7fff419df000 - 0x7fff41c27fff com.apple.QuartzCore 1.11 (584.8.102) <4479AF33-E6EA-3037-A2C1-3C6F12B1260A> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x7fff5818a000 - 0x7fff58424fff com.apple.SkyLight 1.600.0 <455CE6F6-CD58-3E08-8300-CA8BDD3377FC> /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight 0x7fff5e219000 - 0x7fff5e252ff7 libdispatch.dylib (913.30.4) <7D0E3183-282B-3FEE-A734-2C0ADC092084> /usr/lib/system/libdispatch.dylib 0x7fff5e2a2000 - 0x7fff5e2a2fff libsystem_blocks.dylib (67) /usr/lib/system/libsystem_blocks.dylib 0x7fff5e388000 - 0x7fff5e3adff7 libsystem_kernel.dylib (4570.41.2) <5155A4C3-825B-3178-AC51-0D2D2F2A6618> /usr/lib/system/libsystem_kernel.dylib 0x7fff5e3fa000 - 0x7fff5e419fff libsystem_malloc.dylib (140.40.1) <36B22C99-D772-3039-9A4C-AA31389965E1> /usr/lib/system/libsystem_malloc.dylib 0x7fff5e4d4000 - 0x7fff5e4dbff7 libsystem_platform.dylib (161.20.1) /usr/lib/system/libsystem_platform.dylib 0x7fff5e4dc000 - 0x7fff5e4e7fff libsystem_pthread.dylib (301.30.1) /usr/lib/system/libsystem_pthread.dylib Powerstats for: Google Chrome He UUID: 2E6F17DF-BCE7-3217-AD28-F044D11AC430 Start time: 2018-03-01 23:27:22 +0000 End time: 2018-03-01 23:30:54 +0000 Microstackshots: 11 samples (8%) Primary state: 10 samples Non-Frontmost App, Kernel mode, Effective Thread QoS Default, Requested Thread QoS User Interactive, Override Thread QoS Unspecified User Activity: 11 samples Idle, 0 samples Active Power Source: 0 samples on Battery, 11 samples on AC 7 main + 1788 (Google Chrome Helper) [0x106bb749c] 7 ChromeMain + 175 (Google Chrome Framework) [0x106bdd16f] 7 ??? (Google Chrome Framework + 26706596) [0x1085512a4] 7 ??? (Google Chrome Framework + 52763115) [0x109e2a9eb] 7 ??? (Google Chrome Framework + 26709231) [0x108551cef] 7 ??? (Google Chrome Framework + 97486024) [0x10c8d14c8] 7 ??? (Google Chrome Framework + 31070196) [0x10897a7f4] 7 ??? (Google Chrome Framework + 30926670) [0x10895774e] 7 ??? (Google Chrome Framework + 30931310) [0x10895896e] 7 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 277 (Foundation) [0x7fff3898ec16] 7 CFRunLoopRunSpecific + 487 (CoreFoundation) [0x7fff368a2787] 4 __CFRunLoopRun + 1783 (CoreFoundation) [0x7fff368a3117] 4 __CFRunLoopServiceMachPort + 341 (CoreFoundation) [0x7fff368a3dc5] 4 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff5e39a7c2] 3 __CFRunLoopRun + 1820 (CoreFoundation) [0x7fff368a313c] 3 _dispatch_runloop_root_queue_perform_4CF + 162 (libdispatch.dylib) [0x7fff5e228027] 1 _pthread_start + 377 (libsystem_pthread.dylib) [0x7fff5e4df56d] 1 _pthread_body + 340 (libsystem_pthread.dylib) [0x7fff5e4df6c1] 1 ??? (Google Chrome Framework + 31252615) [0x1089a7087] 1 ??? (Google Chrome Framework + 31182178) [0x108995d62] 1 ??? (Google Chrome Framework + 31180616) [0x108995748] 1 ??? (Google Chrome Framework + 31151089) [0x10898e3f1] 1 ??? (Google Chrome Framework + 31253857) [0x1089a7561] 1 Binary Images: 0x106bb6000 - 0x106bc2ff7 com.google.Chrome.helper 64.0.3282.186 (3282.186) <2E6F17DF-BCE7-3217-AD28-F044D11AC430> /Applications/Google Chrome.app/Contents/Versions/64.0.3282.186/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper 0x106bd9000 - 0x10d969f77 com.google.Chrome.framework 64.0.3282.186 (3282.186) <683595E9-E158-361E-BF18-BC75C39A2EB0> /Applications/Google Chrome.app/Contents/Versions/64.0.3282.186/Google Chrome Framework.framework/Versions/A/Google Chrome Framework 0x7fff36821000 - 0x7fff36cbafff com.apple.CoreFoundation 6.9 (1451) <739D6558-3DF3-3181-AA07-BBE3882D3B7F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x7fff3896e000 - 0x7fff38d33fff com.apple.Foundation 6.9 (1451) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x7fff5e219000 - 0x7fff5e252ff7 libdispatch.dylib (913.30.4) <7D0E3183-282B-3FEE-A734-2C0ADC092084> /usr/lib/system/libdispatch.dylib 0x7fff5e388000 - 0x7fff5e3adff7 libsystem_kernel.dylib (4570.41.2) <5155A4C3-825B-3178-AC51-0D2D2F2A6618> /usr/lib/system/libsystem_kernel.dylib 0x7fff5e4dc000 - 0x7fff5e4e7fff libsystem_pthread.dylib (301.30.1) /usr/lib/system/libsystem_pthread.dylib Powerstats for: CiscoVideoGuardM UUID: 26970BC3-D274-3FC8-A666-24BF4BD7531B Start time: 2018-03-01 23:26:33 +0000 End time: 2018-03-01 23:30:18 +0000 Microstackshots: 9 samples (6%) Primary state: 9 samples Non-Frontmost App, Kernel mode, Effective Thread QoS Default, Requested Thread QoS Default, Override Thread QoS Unspecified User Activity: 9 samples Idle, 0 samples Active Power Source: 0 samples on Battery, 9 samples on AC 9 _pthread_start + 357 (libsystem_pthread.dylib) [0xa782c3b2] 9 _pthread_body + 347 (libsystem_pthread.dylib) [0xa782c50d] 9 ??? (CiscoVideoGuardMonitor + 2525622) [0x3629b6] 9 ??? (CiscoVideoGuardMonitor + 263818) [0x13a68a] 9 ??? (CiscoVideoGuardMonitor + 262612) [0x13a1d4] 9 ??? (CiscoVideoGuardMonitor + 345957) [0x14e765] 9 ??? (CiscoVideoGuardMonitor + 346807) [0x14eab7] 9 pthread_cond_timedwait$UNIX2003 + 52 (libsystem_pthread.dylib) [0xa7832535] 9 __psynch_cvwait + 10 (libsystem_kernel.dylib) [0xa76fdd26] Binary Images: 0xfa000 - 0x40dff3 com.cisco.videoguardmonitor 1.0 (1.0) <26970BC3-D274-3FC8-A666-24BF4BD7531B> /Users/USER/Library/Cisco/*/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor 0xa76e1000 - 0xa7704ff7 libsystem_kernel.dylib (4570.41.2) <649BB7E7-6378-3D2C-BBC6-ED2577E551B9> /usr/lib/system/libsystem_kernel.dylib 0xa7829000 - 0xa7833ff3 libsystem_pthread.dylib (301.30.1) <7409C1E5-F3BA-3AB3-ADC1-9DCD356C6C13> /usr/lib/system/libsystem_pthread.dylib