corecaptured

executablemacOS101.4 KBx86_64, arm64

System driver communication daemon — facilitates direct hardware and driver interactions

Manages direct communication with DriverKit drivers and hardware subsystems through privileged kernel interfaces. Operates as a hardened runtime process with restricted execution environment. Exposes an XPC service for other system components to request hardware operations or driver communications. Handles telemetry reporting to Apple infrastructure and maintains references to multiple bundle identifiers, suggesting coordination across several system services. Includes security constraints that prevent unauthorized access to the driver communication layer.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 101.4 KB
UUID: 4FDE4E54-9883-3972-93E9-EE7B9036218A
Analyzed: 2026-04-09T09:45:38Z
CDHash: 061211e5e9bd104867a0890829d5eaa28fcef964bc690756cdc95f4f52388fc7

Capabilities

HardwareDirect DriverKit driver communication

com.apple.private.driverkit.driver-access

com.apple.private.wifi.driverkit com.apple.private.bluetooth.driverkit com.apple.private.corecaptureclient.driverkit

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

SecurityHardened runtime process

com.apple.developer.hardened-process [object Object]

Frameworks6

CrashReporterSupport CoreCaptureDaemon IOKit CoreFoundation libc++.1.dylib libSystem.B.dylib

Entitlements8

com.apple.corecapture.userclienttrue

com.apple.corecaptured.remoteservice-accesstrue

com.apple.developer.hardened-processtrue

com.apple.osanalytics.otatasking-service-accesstrue

com.apple.private.MobileGestalt.AllowedProtectedKeys

InverseDeviceID

com.apple.private.driverkit.driver-access

com.apple.private.wifi.driverkit com.apple.private.bluetooth.driverkit com.apple.private.corecaptureclient.driverkit

com.apple.security.iokit-user-client-class

IOReportUserClient RootDomainUserClient CCLogPipeUserClient CCDataPipeUserClient IOUserUserClient

com.apple.security.temporary-exception.files.absolute-path.read-only

/private/var/Managed Preferences/mobile//private/var/tmp/com.apple.corecaptured/

Interesting Strings

Bundle IDs(26)

com.apple.corecapture.userclient com.apple.private.wifi.driverkit $com.apple.developer.hardened-process %com.apple.private.bluetooth.driverkit (/private/var/tmp/com.apple.corecaptured/

File Paths(8)

(/private/var/Managed Preferences/mobile/(/private/var/tmp/com.apple.corecaptured//System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/PrivateFrameworks/CoreCaptureDaemon.framework/Versions/A/CoreCaptureDaemon

telemetry(2)

/com.apple.osanalytics.otatasking-service-access <key>com.apple.osanalytics.otatasking-service-access</key>

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

Endpoints(7)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

HostnameDcom.apple.security.temporary-exception.files.absolute-path.read-only0T

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

2

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

2

File Paths

8

Bundle IDs

26

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code9d249754da8311f61efa7629c5439990991d914904732321aea21361aa3bddb8

Importsc261f8226bb98b00e66be278411899099e9304618c16932879f20055c6386100

Frameworkse4e1943d05820e8eaa460b34592153f8d24d8c12ff7d172f82ba067464ce08ec

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlements29711893984a7d6ed9d52afb7a5845c59d8f953ef14c396fea8495872c9d881f

Symbolsc261f8226bb98b00e66be278411899099e9304618c16932879f20055c6386100

Static Libraries0 / 2 functions identified

Functions(2)

0x1000006e8sub_1000006e8

0x100000778sub_100000778

Imports16 symbols from 2 dylibs

libSystem.B.dylib12 CoreCaptureDaemon4

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

applessdstatistics

wifiFirmwareLoader

MobileAssetEarlyBootTask