Firstly, it is clear the client is listing all of the processes running on the system. As seen below
As well as following up with trying to access .dll files of other programs.
Computer is infected. I started ProcessMon, I set a filter to include EpicGamesLauncher.exe, I started EGS, I let it get all of the way to usable, I closed the window, and then I closed it in the system tray. I then did a search for "fiddler" and...
What's more worrying is that the user goes on to show that the client likes accessing your root certs on the PC.
Insignificant. EGS has to pass through UAC before it can even launch which means security certificates are involved. Then it's a signed executable so Windows has to authenticate that signature. Once the app is launched, it undeniably uses HTTPS to sign in which involves more certificates. On top of that, it probably uses certificates and encryption to enforce licensing on games.
As well as all things Internet related, including Cookies, Keys and other aspects.
EGS is clearly designed around a webkit browser not unlike Steam uses Chromium. When the webkit initializes, it checks for cookies which may contain settings relevant to the browser and the specific user. Not extraordinary.
As well as a hardware survey, like Steam's, without asking your prior permission to do so.
Most applications these days need to know hardware capabilities before attempting to initialize something that requires it. On that note, it didn't actually run when I started it:
But it appears that it did run 8 days ago.
Do I care? Not particularly. Developers need to know what hardware they should target. It's not like bank info or something truly sensitive.
However, none of this is as bad as the final. Despite users not wishing to link their Epic Games account with their Steam account or their friends list, and without any permission or notification, the Epic Games launcher is taking a copy of your Steam localconfig.vdf, a file containing your entire Steam data: friends list, games owned, playtime history.
Epic Games have confirmed that it is in fact true, with Tim Sweeney stating Epic "ought to only access the localconfig.vdf file after the user chooses to import Steam friends".
With Epic's links to Chinese company Tencent, it really does make you wonder what they're compiling all this data for and if it isn't getting passed on to other parties.
The bulk of what EGS does, in fact, is scan Steam's entire userdata directory and it seems to glance in every folder...repeatedly...for some weird reason. After about the fourth time, it does read the whole localconfig.vdf file but it does not copy it. It closes the file, then immediately queries the metadata from its own games, in my case: EdithFinch, ThimbleweedPark, JackboxPartyPack1, AxiomVerge and it does this twice. Then it goes back to the registry looking for more Steam installs (via more registry keys) to scan...it repeats this whole process three times in my case probably because of Public, Admin, and limited user accounts. Seems like poorly written code that doesn't really do anything. Immediately after looking at Steam userdata, it starts doing a lot of webwork likely initializing the UI. Once it is done with that, it enumerates all of the running processes (not sure why...could be looking for games currently running like EGS crashed and restarted). Then it goes back to web caching.
All told, I really see nothing of particular concern.
Going to run Wireshark next. In particular, I'm wondering why EGS keeps tapping 230.0.0.1:6666...
Edit: Has something to do with IGMP (multicasting) on a 240.#.#.# IP. Multicast cuts down on bandwidth consumption but why they are joining a multicast group, I'm not sure. Not particularly concerned about it because there's multiple legitimate uses for it (e.g. how it is downloading the video playing on the store page).
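The check described in the post (filter a Process Monitor capture to EpicGamesLauncher.exe and see what it does with Steam's userdata), as an added example that is not part of the original post: it parses a Process Monitor CSV export and separates directory listing, opens and bytes read of localconfig.vdf, and writes to any similarly named file. The sample rows, their paths and the `analyze` function are constructed for illustration.

```python
import csv
import io
import re

# Constructed rows in Process Monitor's default CSV export layout; not a real capture.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.10","EpicGamesLauncher.exe","4242","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Valve\Steam\InstallPath","SUCCESS",""
"10:00:01.20","EpicGamesLauncher.exe","4242","QueryDirectory","C:\Steam\userdata\1111","SUCCESS",""
"10:00:01.30","EpicGamesLauncher.exe","4242","CreateFile","C:\Steam\userdata\1111\config\localconfig.vdf","SUCCESS","Desired Access: Generic Read"
"10:00:01.31","EpicGamesLauncher.exe","4242","ReadFile","C:\Steam\userdata\1111\config\localconfig.vdf","SUCCESS","Offset: 0, Length: 65,536"
"10:00:01.32","EpicGamesLauncher.exe","4242","ReadFile","C:\Steam\userdata\1111\config\localconfig.vdf","SUCCESS","Offset: 65,536, Length: 1,024"
"10:00:01.33","EpicGamesLauncher.exe","4242","CloseFile","C:\Steam\userdata\1111\config\localconfig.vdf","SUCCESS",""
"10:00:02.00","EpicGamesLauncher.exe","4242","WriteFile","C:\Users\me\AppData\Local\EpicGamesLauncher\Saved\webcache\data_1","SUCCESS","Offset: 0, Length: 4,096"
"10:00:02.10","steam.exe","999","ReadFile","C:\Steam\userdata\1111\config\localconfig.vdf","SUCCESS","Offset: 0, Length: 65,536"
'''


def analyze(csv_text, process="EpicGamesLauncher.exe", target="localconfig.vdf"):
    """Summarise what one process did with `target` in a ProcMon CSV export."""
    result = {"dirs_listed": 0, "opens": 0, "bytes_read": 0, "writes_like_target": []}
    stem = target.split(".")[0]
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue  # other processes (Steam itself) read the file legitimately
        op, path = row["Operation"], row["Path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if op == "QueryDirectory" and "\\userdata" in path:
            result["dirs_listed"] += 1          # folder enumeration only
        elif name == target and op == "CreateFile":
            result["opens"] += 1                # handle opened on the file
        elif name == target and op == "ReadFile":
            # ProcMon prints lengths with thousands separators, e.g. "65,536"
            m = re.search(r"Length: ([\d,]+)", row["Detail"])
            result["bytes_read"] += int(m.group(1).replace(",", "")) if m else 0
        elif op == "WriteFile" and stem in name:
            # Heuristic: an on-disk copy would show up as a write to a like-named file
            result["writes_like_target"].append(row["Path"])
    return result


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

File-system events only show on-disk activity; whether data read into memory later leaves the machine is a question for the packet capture, not for this export.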