Okay, so I ran the sample again and the dropped file was quickly detected as Win32/Packed.Obsidium.LG.
So as far as I can tell, ESET now blocks the file before it does any damage. Thanks for the quick implementation of the detection.
The only thing that bothers me is: why didn't ESET block the sample automatically before?
I mean it adds exceptions to Defender to evade detection, it breaks and deletes Windows Update.
Aren't those actions that should be prevented by HIPS/Behavioral Detection?