and this game is before the return window. I've had it for 3 days, Never got a chance to play it, and am still reluctant to asks for a refund as it looks like a good game.
the file that is deteted is by Malwarebytes a high profile scanner, or I'd ignor it as a FP. It is also detected by Virustotal as another malware program that liberates hackers into your PC for various reasons. And Rkill, just now(in safemode after resetting all browsers to default) has detected a certain "(PID: 3668) {UP-HEUR} in "onedrive" and the user
\temp file as a PID: 3040) {T-HEUR}
too much evidence stands against the exe file in question, NECRONO.EXE located in the game's folder on D:\GOG GAMES\NECR...MICON\NECRONO.EXE(not in all caps but for purpose of malware bytes report I put it that way, cannot copy/paste I copyed it by hand and eye. replacec "..." with Necronomicon.

It's an old game, it probably has some janky code. But I expect GOG does some amount of vetting. It's also possible that some of the patches added years later to fix this release are being detected as malware.

False positives are common enough with software. A patched version of a game from the 90s doubly so, since those patches are almost always done without access to the underlying code meaning the changes are done in a way that probably doesn't look 'legitimate' to a file scanner.