suspect folder named 73UVK6498D

Thanks, I had forgotten that location.

The clear answer is "File List Export" (listed on App Store as "Files List Export") which I apparently installed 1 Feb and which was updated 9 Feb. I might indeed have been looking for such a tool. I have just contacted the developer to ask about the folder name. Maybe it's all harmless.

Strange that the App Store didn't show the purchase. I need to check my credit card to see how I paid for it.

I see that many original Apple folders have a similar structure, basically showing the system directories, some files and many links to files. Perhaps I was overreacting after finding and deleting the "ru.keepcoder.Telegram" folder.

Thanks for your help too.

The developer says:

"...this is normal. 73UVK6498D is the ID of File list export app."

I commented that it looks suspect because all other folders in that directory start with DOTcom or DOTnet. Perhaps they will conform ;-)

Indeed, the "ru.keepcoder" files were infact "ru.keepcoder.Telegram" although I do not have Telegram installed and have never used it.

I just did a local search for 73UVK6498D and found several occurrences:

Apparently the irregular location was the reason that the ru.keepcoder malware evaded detection. It might have been placed there hoping that I would use Telegram at some time.

I just did a complete disk search (not just user based) and found 2 additional files:

Do you believe the files 73UVK6498D might be needed elsewhere or can I just delete the folder?

I didn't know about other app stores, but would not use them anyway. I do have some apps from legit companies, but not installed since 9 Feb 2024 afaik.

The folders you kindly pointed to were clean and I also just deleted zoom which I hate and avoid. I regularly use EtreCheck, which normally picks up such things.

The plist screenshot shows "storedownloadd" which is misspelt with an extra d.

There are just so many shortcuts within the folder, incl. to my contacts (whom I do not want to compromise) and also to my favorite locations, which naturally is all very important data.

I was travelling, so I will make an immediate TM backup (which is normally on all the time when I am at base) and then delete the whole folder. It just sounds too risky!

Time will tell whether it is important, but I imagine not so, as you didn't find it on your system. It appears to fit into the category of the Telegram malware mentioned above, which just waits to be activated if certain circumstances arise. That incidentally bundles everything into a zip file and uploads it somewhere.

I prefer not to wait though ;-)

Thanks for your help.

Where could I find a list of other Apps recently installed please? I have certainly installed apps since 9 Feb. (incl. Proton VPN and BitDefender), which did not come from the app store. I don't just remember which. However, as the plist was last opened 9 Feb, that seems to be a magical date, although a very unlikely one as I was travelling.

I guess all fields have their challenges. Anyway, the developer of File List Export apologised as it was his first ever app, so I don't know how his other apps look. At least a good dialog and that's how misunderstandings are solved.

So the problem has been solved now. Thanks again for the ping-pong game.

I do not use Telegram and do not have it installed.

73UVK6498D.plist show that it was a 73UVK6498D.pkg

I have no idea where it came from and I am sure that I didn't download and install anything on that date.

Interesting, but nothing installed for the past 18 months on my laptop! Maybe on my iPad, but that is not where the problems lies.

Nothing found in the Applications folder by that name!