Leaving out the long story, I installed PirateMatryoshka into a sandbox yesterday out of ignorance and curiosity, which WFC blocked irsetup.exe, but I let through. It asked for a Piratebay login which I didn't have and I closed it. I ran Malwarebytes through the sandbox and it missed zernvo.exe. https://www.virustotal.com/gui/file/95d45e83d2328d280dea2f9f56aac67579b4c150a4ad5a5226160d50cc0b5dad/detection I'm kind of disappointed it missed it and anything else malignant that was installed. When I have time I will browse the sandbox to see if anything else was done and missed.