>>6015705 (PB)
This is meh
There could be fairly reasonable explanation for all these.
The 'evil' script is just a minimized node web app, most of it is standard libraries.
User password sent over HTTPS? that's why HTTPS exists.
Probably uses an IE module to display an embedded web interface . IE accesses certs and gps because it does it by default and it's win10.
Reading active processes is usually an anti cheat measure.
Not to defend Tencent but this isn't evidence of wrongdoing, imo.
Accepting the tracking is an other story.