The Windows Process Journey — “fsquirt.exe” (Bluetooth File Transfer)

“fsquirt.exe” is a PE binary located at “%windir%\System32\fsquirt.exe” which is used for sending/receiving files using Bluetooth. On 64-bit systems there is a 32-bit version located at “%windir%\SysWOW64\fsquirt.exe”. By the way, the binary is also digitally signed by Microsoft.

Thus, “fsquirt.exe” is the default Bluetooth file transfer wizard on Windows systems (https://renenyffenegger.ch/notes/Windows/dirs/Windows/System32/fsquirt_exe). The file transfer can be done between two computer that support Bluetooth, mobile phones or any other Bluetooth enabled devices (https://learn.microsoft.com/en-us/windows-hardware/drivers/bluetooth/bluetooth-user-interface )

Lastly, “fsquirt.exe” is also configured in the registry in the following registry location: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths”. The “App Paths” subkey is checked when the ShellExecuteExW(https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shellexecuteexW) API function is called (The same goes for ShellExecuteExA). By registering an application using that subkey we can avoid the need for modifying the PATH environment variable (https://learn.microsoft.com/en-us/windows/win32/shell/app-registration).

See you in my next writeup ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru). Also, you can read my other writeups on medium — https://medium.com/@boutnaru. You can find my free eBooks at https://TheLearningJourneyEbooks.com.