Parent page of this data file: https://divinity-in-action.com/articles/pegasusspyware/macbooks/
Spyware Found on Irina Bright’s MacBooks, Which May Be Related to Pegasus Spyware.

File name: WindowServer_2018-03-02-113524_Irinas-MacBook-Pro.wakeups_resource.diag
Downloaded from: McBook > Library_Logs_DiagnosticReports.

Date/Time: 2018-03-02 11:30:29.814500 +0000
OS Version: Mac OS X 10.13.3 (Build 17D102)
Architecture: x86_64
Report Version: 19

Command: WindowServer
Path: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer
Version: ??? (???)
Parent: launchd [1]
PID: 168

Event: wakeups
Wakeups: 45001 wakeups over the last 283 seconds (159 wakeups per second average), exceeding limit of 150 wakeups per second over 300 seconds
Action taken: none
Duration: 283.07s
Steps: 121

Hardware model: MacBookPro9,2
Active cpus: 4

Fan speed: 1979 rpm

Powerstats for: WindowServer [168]
UUID: BD323A05-A87E-3D6E-846C-32A16D2E5CB3
Start time: 2018-03-02 11:30:30 +0000
End time: 2018-03-02 11:35:12 +0000
Parent: launchd
Microstackshots: 108 samples (89%)
Primary state: 54 samples Non-Frontmost App, User mode, Effective Thread QoS Unspecified, Requested Thread QoS Unspecified, Override Thread QoS Unspecified
User Activity: 108 samples Idle, 0 samples Active
Power Source: 0 samples on Battery, 108 samples on AC

57 ??? (WindowServer + 3550) [0x10e3c8dde]
57 SLXServer + 832 (SkyLight) [0x7fff5dbad2b9]
52 CGXRunOneServicesPass + 247 (SkyLight) [0x7fff5dbac6fe]
52 run_timer_pass + 495 (SkyLight) [0x7fff5db7cce4]
52 update_display_callback(void*, double) + 257 (SkyLight) [0x7fff5db35f86]
52 CGXUpdateDisplay + 5711 (SkyLight) [0x7fff5db37808]
52 prepare_CoreAnimation_update_state(CGXConnection*, CGXWindowSubArray, bool, bool) + 554 (SkyLight) [0x7fff5db3a9c5]
39 CGXBeginSurfaceLayerUpdate + 7388 (SkyLight) [0x7fff5da9fe99]
33 invalidate_window_surface_region + 189 (SkyLight) [0x7fff5da9a6d0]
6 reschedule_callback_on_session + 275 (SkyLight) [0x7fff5db7c5ba]
5 reschedule_callback_on_session + 387 (SkyLight) [0x7fff5db7c62a]
2 szone_size + 340 (libsystem_malloc.dylib) [0x7fff63bd59bd]
2 free_tiny + 136 (libsystem_malloc.dylib) [0x7fff63bec068]
1 free + 240 (libsystem_malloc.dylib) [0x7fff63bd574d]
3 reschedule_callback_on_session + 65 (SkyLight) [0x7fff5db7c4e8]
1 _Block_object_assign + 349 (libsystem_blocks.dylib) [0x7fff63a7ac39]
1 CGSessionControlIsSessionDefunct + 116 (SkyLight) [0x7fff5db2f75b]
1 CGSessionControlIsSessionDefunct + 79 (SkyLight) [0x7fff5db2f736]
1 CFDictionaryContainsValue + 119 (CoreFoundation) [0x7fff3c05a367]
1 CFBasicHashGetCountOfValue + 430 (CoreFoundation) [0x7fff3c05a55e]
1 CFBasicHashGetBucket + 25 (CoreFoundation) [0x7fff3c024e09]
3 __malloc_init + 606 (libsystem_malloc.dylib) [0x7fff63bd34f3]
2 reschedule_callback_on_session + 94 (SkyLight) [0x7fff5db7c505]
2 malloc + 24 (libsystem_malloc.dylib) [0x7fff63bd350b]
2 malloc_zone_malloc + 103 (libsystem_malloc.dylib) [0x7fff63bd4201]
2 szone_malloc_should_clear + 422 (libsystem_malloc.dylib) [0x7fff63bd4403]
2 tiny_malloc_from_free_list + 41 (libsystem_malloc.dylib) [0x7fff63bd51fe]
2 _os_nospin_lock_lock + 14 (libsystem_platform.dylib) [0x7fff63cb08de]
2 _os_nospin_lock_lock + 8 (libsystem_platform.dylib) [0x7fff63cb08d8]
2 CGXInvalidateDisplayShape + 90 (SkyLight) [0x7fff5db44535]
2 CGRegionIsValid + 1 (CoreGraphics) [0x7fff3c7baa9f]
1 reschedule_callback_on_session + 4 (SkyLight) [0x7fff5db7c4ab]
1 CGXInvalidateDisplayShape + 528 (SkyLight) [0x7fff5db446eb]
1 scheduleConnectionModificationActivityTimer + 13 (SkyLight) [0x7fff5da1d974]
1 SLSCurrentRealTime + 13 (SkyLight) [0x7fff5db20b40]
1 mach_absolute_time + 26 (libsystem_kernel.dylib) [0x7fff63b71c71]
1 reschedule_callback_on_session + 140 (SkyLight) [0x7fff5db7c533]
1 SLSCurrentRealTime + 38 (SkyLight) [0x7fff5db20b59]
1 reschedule_callback_on_session + 246 (SkyLight) [0x7fff5db7c59d]
1 CGXInvalidateDisplayShape + 126 (SkyLight) [0x7fff5db44559]
1 DYLD-STUB$$_os_nospin_lock_trylock + 6 (SkyLight) [0x7fff5dbba60c]
1 updateConnectionIdleState + 56 (SkyLight) [0x7fff5da1d393]
3 invalidate_window_surface_region + 50 (SkyLight) [0x7fff5da9a645]
3 CGXCreateScreenVisibleContentShapeForWindow + 35 (SkyLight) [0x7fff5d9dc28d]
3 create_opaque_shape_above_for_window + 42 (SkyLight) [0x7fff5d9dbc0a]
2 WSGetGeometrySeed + 10 (CoreDisplay) [0x7fff3bfc7a7c]
2 CGXGetCurrentSessionScoreboardDisplaySet + 15 (SkyLight) [0x7fff5db8eb38]
1 CGXSenderCanSynthesizeEvents + 159 (SkyLight) [0x7fff5db8eb29]
2 invalidate_window_surface_region + 197 (SkyLight) [0x7fff5da9a6d8]
2 CGRegionRelease + 22 (CoreGraphics) [0x7fff3c4a2de2]
2 assert_check_shape + 9 (CoreGraphics) [0x7fff3c4a22e4]
1 invalidate_window_surface_region + 114 (SkyLight) [0x7fff5da9a685]
1 create_screen_region_with_window_region + 116 (SkyLight) [0x7fff5d9dba38]
5 CGXBeginSurfaceLayerUpdate + 6968 (SkyLight) [0x7fff5da9fcf5]
2 region_create_with_shape + 37 (CoreGraphics) [0x7fff3c49704a]
2 CGTypeCreateInstance + 46 (CoreGraphics) [0x7fff3c496083]
2 _CFRuntimeCreateInstance + 635 (CoreFoundation) [0x7fff3bffc30b]
2 object_setClass + 181 (libobjc.A.dylib) [0x7fff62e357d7]
2 region_create_with_shape + 27 (CoreGraphics) [0x7fff3c497040]
1 CGRegionCreateIntersectionWithRegion + 104 (CoreGraphics) [0x7fff3c4a3071]
1 shape_intersect + 125 (CoreGraphics) [0x7fff3c4a30fa]
1 malloc + 24 (libsystem_malloc.dylib) [0x7fff63bd350b]
1 malloc_zone_malloc + 103 (libsystem_malloc.dylib) [0x7fff63bd4201]
1 szone_malloc_should_clear + 1600 (libsystem_malloc.dylib) [0x7fff63bd489d]
1 small_malloc_from_free_list + 171 (libsystem_malloc.dylib) [0x7fff63bd60a9]
1 small_free_list_remove_ptr_no_clear + 109 (libsystem_malloc.dylib) [0x7fff63be1e96]
3 CGXBeginSurfaceLayerUpdate + 7791 (SkyLight) [0x7fff5daa002c]
2 _CFRelease + 1080 (CoreFoundation) [0x7fff3c150fd8]
1 _CFRelease + 300 (CoreFoundation) [0x7fff3c150ccc]
1 region_finalize + 40 (CoreGraphics) [0x7fff3c4a2e75]
1 free_tiny + 628 (libsystem_malloc.dylib) [0x7fff63bec254]
1 get_tiny_free_size + 76 (libsystem_malloc.dylib) [0x7fff63bd6641]
2 CGXBeginSurfaceLayerUpdate + 7810 (SkyLight) [0x7fff5daa003f]
1 CGXBeginSurfaceLayerUpdate + 1670 (SkyLight) [0x7fff5da9e843]
1 WSGetCompositorMetal + 1132 (SkyLight) [0x7fff5da562fb]
1 CGColorSpaceRelease + 1 (CoreGraphics) [0x7fff3c498ae9]
1 CGXBeginSurfaceLayerUpdate + 7023 (SkyLight) [0x7fff5da9fd2c]
1 CGRegionEqualToRegion + 57 (CoreGraphics) [0x7fff3c4a508f]
1 shape_is_equal + 300 (CoreGraphics) [0x7fff3c535c80]
5 CGXRunOneServicesPass + 460 (SkyLight) [0x7fff5dbac7d3]
5 run_one_server_pass + 337 (SkyLight) [0x7fff5dbac999]
5 mach_msg_trap + 10 (libsystem_kernel.dylib) [0x7fff63b727c2]
5
23
17
8 _pthread_wqthread + 980 (libsystem_pthread.dylib) [0x7fff63cb7033]
8 _dispatch_workloop_worker_thread + 880 (libdispatch.dylib) [0x7fff63a0bd16]
8 _dispatch_root_queue_drain_deferred_wlh + 332 (libdispatch.dylib) [0x7fff63a07f02]
8 _dispatch_queue_invoke + 373 (libdispatch.dylib) [0x7fff639fa0fd]
7 _dispatch_queue_serial_drain + 222 (libdispatch.dylib) [0x7fff63a0706f]
7 _dispatch_source_invoke + 620 (libdispatch.dylib) [0x7fff639f5018]
7 _dispatch_continuation_pop + 472 (libdispatch.dylib) [0x7fff63a05e76]
6 _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff639f2d50]
2 dispatch_mig_server + 670 (libdispatch.dylib) [0x7fff639ff063]
2
2 dispatch_mig_server + 413 (libdispatch.dylib) [0x7fff639fef62]
2 _IODispatchCalloutWithDispatch + 33 (IOKit) [0x7fff3e83314e]
2 IODispatchCalloutFromCFMessage + 365 (IOKit) [0x7fff3e8332c5]
2 _Block_release + 120 (libsystem_blocks.dylib) [0x7fff63a7a9a6]
2 objc_destructInstance + 143 (libobjc.A.dylib) [0x7fff62e342e4]
2 objc_object::sidetable_clearDeallocating() + 52 (libobjc.A.dylib) [0x7fff62e34580]
2
2 mach_msg + 1 (libsystem_kernel.dylib) [0x7fff63b71ca1]
2
1 __IONotificationPortSetDispatchQueue_block_invoke + 1 (IOKit) [0x7fff3e833114]
1
1 _dispatch_queue_serial_drain + 1030 (libdispatch.dylib) [0x7fff63a07397]
1
3 _pthread_start + 377 (libsystem_pthread.dylib) [0x7fff63cb756d]
3 _pthread_body + 340 (libsystem_pthread.dylib) [0x7fff63cb76c1]
2 _dispatch_worker_thread + 175 (libdispatch.dylib) [0x7fff639f5d9e]
2 _dispatch_root_queue_drain + 515 (libdispatch.dylib) [0x7fff639f4941]
2 _dispatch_queue_invoke + 373 (libdispatch.dylib) [0x7fff639fa0fd]
2 _dispatch_queue_serial_drain + 222 (libdispatch.dylib) [0x7fff63a0706f]
2 _dispatch_source_invoke + 620 (libdispatch.dylib) [0x7fff639f5018]
2 _dispatch_continuation_pop + 472 (libdispatch.dylib) [0x7fff63a05e76]
2 _dispatch_client_callout + 8 (libdispatch.dylib) [0x7fff639f2d50]
2 dispatch_mig_server + 413 (libdispatch.dylib) [0x7fff639fef62]
2 _IODispatchCalloutWithDispatch + 33 (IOKit) [0x7fff3e83314e]
2 IODispatchCalloutFromCFMessage + 365 (IOKit) [0x7fff3e8332c5]
2 ioAccelCommandQueueBlockFenceCallback + 44 (IOAccelerator) [0x7fff5606f3c9]
2 -[_MTLCommandQueue commandBufferDidComplete:startTime:completionTime:error:] + 279 (Metal) [0x7fff4067b69f]
2 -[MTLIOAccelCommandBuffer didCompleteWithStartTime:endTime:error:] + 88 (Metal) [0x7fff40630b19]
2 -[_MTLCommandBuffer didCompleteWithStartTime:endTime:error:] + 634 (Metal) [0x7fff40676fff]
2 pthread_cond_broadcast + 381 (libsystem_pthread.dylib) [0x7fff63cb60c8]
1 _dispatch_worker_thread + 251 (libdispatch.dylib) [0x7fff639f5dea]
1 _dispatch_semaphore_wait_slow + 58 (libdispatch.dylib) [0x7fff639fa8e6]
1 semaphore_timedwait_trap + 10 (libsystem_kernel.dylib) [0x7fff63b72816]
1

Binary Images:
0x10e3c8000 - 0x10e3c8fff WindowServer (312.23.4) /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer
0x7fff3bf2c000 - 0x7fff3bff8fff com.apple.CoreDisplay 1.0 (81.7) /System/Library/Frameworks/CoreDisplay.framework/Versions/A/CoreDisplay
0x7fff3bff9000 - 0x7fff3c492fff com.apple.CoreFoundation 6.9 (1451) <739D6558-3DF3-3181-AA07-BBE3882D3B7F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x7fff3c494000 - 0x7fff3cabfff7 com.apple.CoreGraphics 2.0 (1129.5) /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x7fff3e820000 - 0x7fff3e8bbfff com.apple.framework.IOKit 2.0.2 <9CFA07B9-BA6E-31E4-AD4F-C47071A8C522> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x7fff40622000 - 0x7fff406a1fff com.apple.Metal 124.7 (124.7) /System/Library/Frameworks/Metal.framework/Versions/A/Metal
0x7fff5606b000 - 0x7fff56072ffb com.apple.IOAccelerator 376.6 (376.6) /System/Library/PrivateFrameworks/IOAccelerator.framework/Versions/A/IOAccelerator
0x7fff5d962000 - 0x7fff5dbfcfff com.apple.SkyLight 1.600.0 <455CE6F6-CD58-3E08-8300-CA8BDD3377FC> /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight
0x7fff62e2b000 - 0x7fff6321c3b7 libobjc.A.dylib (723) <37A7D77E-952C-3F5D-970B-3CDE349B2322> /usr/lib/libobjc.A.dylib
0x7fff639f1000 - 0x7fff63a2aff7 libdispatch.dylib (913.30.4) <7D0E3183-282B-3FEE-A734-2C0ADC092084> /usr/lib/system/libdispatch.dylib
0x7fff63a7a000 - 0x7fff63a7afff libsystem_blocks.dylib (67) /usr/lib/system/libsystem_blocks.dylib
0x7fff63b60000 - 0x7fff63b85ff7 libsystem_kernel.dylib (4570.41.2) <5155A4C3-825B-3178-AC51-0D2D2F2A6618> /usr/lib/system/libsystem_kernel.dylib
0x7fff63bd2000 - 0x7fff63bf1fff libsystem_malloc.dylib (140.40.1) <36B22C99-D772-3039-9A4C-AA31389965E1> /usr/lib/system/libsystem_malloc.dylib
0x7fff63cac000 - 0x7fff63cb3ff7 libsystem_platform.dylib (161.20.1) /usr/lib/system/libsystem_platform.dylib
0x7fff63cb4000 - 0x7fff63cbffff libsystem_pthread.dylib (301.30.1) /usr/lib/system/libsystem_pthread.dylib

Powerstats for: CiscoVideoGuardM
UUID: 26970BC3-D274-3FC8-A666-24BF4BD7531B
Start time: 2018-03-02 11:32:04 +0000
End time: 2018-03-02 11:34:32 +0000
Microstackshots: 10 samples (8%)
Primary state: 9 samples Non-Frontmost App, Kernel mode, Effective Thread QoS Default, Requested Thread QoS Default, Override Thread QoS Unspecified
User Activity: 10 samples Idle, 0 samples Active
Power Source: 0 samples on Battery, 10 samples on AC

10 _pthread_start + 357 (libsystem_pthread.dylib) [0xa782c3b2]
10 _pthread_body + 347 (libsystem_pthread.dylib) [0xa782c50d]
10 ??? (CiscoVideoGuardMonitor + 2525622) [0x2f59b6]
10 ??? (CiscoVideoGuardMonitor + 263818) [0xcd68a]
9 ??? (CiscoVideoGuardMonitor + 262612) [0xcd1d4]
9 ??? (CiscoVideoGuardMonitor + 345957) [0xe1765]
9 ??? (CiscoVideoGuardMonitor + 346807) [0xe1ab7]
9 pthread_cond_timedwait$UNIX2003 + 52 (libsystem_pthread.dylib) [0xa7832535]
9 __psynch_cvwait + 10 (libsystem_kernel.dylib) [0xa76fdd26]
1 ??? (CiscoVideoGuardMonitor + 262628) [0xcd1e4]
1 ??? (CiscoVideoGuardMonitor + 262928) [0xcd310]
1 _pthread_key_global_init + 85 (libsystem_pthread.dylib) [0xa782a0f6]
1

Binary Images:
0x8d000 - 0x3a0ff3 com.cisco.videoguardmonitor 1.0 (1.0) <26970BC3-D274-3FC8-A666-24BF4BD7531B> /Users/USER/Library/Cisco/*/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor
0xa76e1000 - 0xa7704ff7 libsystem_kernel.dylib (4570.41.2) <649BB7E7-6378-3D2C-BBC6-ED2577E551B9> /usr/lib/system/libsystem_kernel.dylib
0xa7829000 - 0xa7833ff3 libsystem_pthread.dylib (301.30.1) <7409C1E5-F3BA-3AB3-ADC1-9DCD356C6C13> /usr/lib/system/libsystem_pthread.dylib