
el el amiril

Members
  • Posts: 169
  • Joined
  • Last visited

Kudos

  1. Upvote
    el el amiril gave kudos to Marcos in Qualcomm driver detection false?   
    It's detected by 1 AV according to the screenshot, most likely it's a false positive. You can contact the vendor for an opinion on their detection so that they can fix it.
  2. Upvote
    el el amiril gave kudos to itman in ESET vs Ransomware   
    ESET consumer products have the same protection mechanisms as its Endpoint products. That is:
    1. NOD32 is equivalent to EEA.
    2. Internet Security is equivalent to EES.
    3. Smart Security Premium is  equivalent to EES + EDTD.
  3. Upvote
    el el amiril gave kudos to Marcos in ESET vs Ransomware   
    No security solution detects 100% of all threats with zero false positives. ESET is very good at malware detection no matter whether it's ransomware or other threats. You can refer to the MRG Effitas tests, which test AVs against ransomware too: https://www.mrg-effitas.com/wp-content/uploads/2023/02/MRG_Effitas_360_Q4_2022.pdf
  4. Upvote
    el el amiril gave kudos to Marcos in s/spy.banker.iv false positive or true ?   
    I strongly discourage you from opening websites on physical machines that another person reports as possibly infected. And yes, the detection occurs under specific conditions.
  5. Upvote
    el el amiril gave kudos to Marcos in s/spy.banker.iv false positive or true ?   
    Also ESET is not the only AV to detect the threat:

  6. Upvote
    el el amiril gave kudos to Nightowl in Comodo Webiste Compromised??   
    Since you modified it, brother, you broke the signature: you modified the contents, so the maker's signature is now broken.
    This will give an indicator to A.I. scanners that this file might be malicious.
    Because the A.I. usually knows this software/installer as trusted and signed, and then suddenly you uploaded it differently and unsigned, it will look suspicious to the bots (A.I.).
    The new, unmodified installer that you uploaded got 2 detections; those are false positives. The A.I. might detect them because the installer is new, so it might feel it's a bit suspicious.
    Once you played with the hex and added zeros, 2 more A.I. engines hated your modification and found it suspicious, and you also broke the developers' signature.
     
    Since I was marked as a solution , I may be wrong or not 100% accurate , if I am mistaken , please correct me
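The point made above (changing bytes in a signed installer invalidates the publisher's Authenticode signature) can be demonstrated directly. The following PowerShell is an added example, not code from the thread or from any vendor: it copies a signed binary, flips one byte in the middle of the copy, and compares the signature status before and after. The use of notepad.exe as the stand-in for "the installer" is an assumption; any file with a signature will do, and the `SignatureType` field shows whether that signature is embedded in the file or comes from a Windows catalog (for a catalog-signed file the modified copy reports NotSigned rather than HashMismatch, because the hash is simply no longer found in any catalog).

```powershell
# Added example, not from the original thread: show that modifying a signed file breaks its Authenticode signature.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows. notepad.exe is an assumed stand-in for the installer.

function Test-SignatureAfterModification {
    param([Parameter(Mandatory)][string]$SignedFile)

    # Work on a throwaway copy so the original is never touched
    $work = Join-Path $env:TEMP ('sigtest_' + [guid]::NewGuid().ToString('N') + '.exe')
    Copy-Item -LiteralPath $SignedFile -Destination $work

    $before = Get-AuthenticodeSignature -FilePath $work

    # Flip a single byte in the middle of the file: far from the PE headers at the start
    # and from the signature blob (WIN_CERTIFICATE) that sits at the very end of the file.
    $bytes  = [System.IO.File]::ReadAllBytes($work)
    $offset = [int]($bytes.Length / 2)
    $bytes[$offset] = $bytes[$offset] -bxor 0xFF
    [System.IO.File]::WriteAllBytes($work, $bytes)

    $after = Get-AuthenticodeSignature -FilePath $work
    Remove-Item -LiteralPath $work -Force

    [pscustomobject]@{
        File          = $SignedFile
        Signer        = $before.SignerCertificate.Subject
        SignatureType = $before.SignatureType   # Authenticode (embedded) or Catalog
        StatusBefore  = $before.Status          # Valid for an unmodified signed file
        StatusAfter   = $after.Status           # HashMismatch (embedded) or NotSigned (catalog) once a byte changes
        FlippedOffset = $offset
    }
}

Test-SignatureAfterModification -SignedFile "$env:SystemRoot\System32\notepad.exe" | Format-List
```

The practical check a user can apply to a downloaded installer before uploading it anywhere is the same call, `Get-AuthenticodeSignature -FilePath <installer>`, and confirming that `Status` is `Valid` and that `SignerCertificate.Subject` names the publisher they expect; a `HashMismatch` means the bytes differ from what the publisher signed, whatever the reason.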
  7. Upvote
    el el amiril gave kudos to Marcos in Comodo Webiste Compromised??   
    Corrupt, not subject to detection.
  8. Upvote
    el el amiril gave kudos to Marcos in Comodo Webiste Compromised??   
    A clean file with a valid Comodo digital signature, not subject to detection.
  9. Upvote
    el el amiril gave kudos to stackz in Comodo Webiste Compromised??   
    By removing the zeros, you've turned all those executables into binary junk that doesn't even run. That some AVs detect these things shows that those AVs are not very good (to put it nicely).
  10. Upvote
    el el amiril gave kudos to stackz in Suspicious startup app   
    That entry is a leftover from a removed app that was located in one of the Program Files folders. Download Autoruns:
    https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
    Extract Autoruns64.exe, right click it and run as administrator. Accept the EULA. When it finishes scanning, select the Logon tab; the entry will be highlighted in yellow. Right click on the entry and delete it.
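Autoruns highlights an entry in yellow when the file it points to no longer exists, which is exactly the "leftover from a removed app" case described above. The following PowerShell is an added example, not code from the thread or from Sysinternals: it walks the common Run/RunOnce keys, the per-user and all-users Startup folders, and the StartupApproved keys that Task Manager's Startup tab uses to record enabled/disabled state, and flags every entry whose target executable is missing. The interpretation of the first byte of a StartupApproved value (0x02 enabled, 0x03 disabled) is an assumption based on common documentation of that key, not something the thread states.

```powershell
# Added example, not from the original thread: list startup entries whose target file no longer exists.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; run in the session of the user being inspected.
# Run-key locations are the standard ones; the StartupApproved byte meanings (0x02 enabled, 0x03 disabled) are an assumption.

function Get-TargetPath {
    # Extract the executable path from a Run-key command line such as:  "C:\Program Files\X\x.exe" --minimized
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path that may contain spaces: grow the prefix one token at a time until it names an existing file
    $parts = $cmd -split ' '
    for ($i = 1; $i -le $parts.Count; $i++) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

function Get-StartupApprovedState {
    # Task Manager's enabled/disabled flag for a startup entry name; $null if no record exists
    param([string]$Name, [string]$Hive)
    foreach ($sub in 'Run', 'Run32', 'StartupFolder') {
        $key = "$Hive\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\$sub"
        if (-not (Test-Path $key)) { continue }
        $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).$Name
        if ($null -ne $val -and $val.Length -gt 0) {
            switch ($val[0]) { 2 { return 'Enabled' } 3 { return 'Disabled' } default { return ('Unknown(0x{0:X2})' -f $val[0]) } }
        }
    }
    return $null
}

function Get-OrphanedStartupEntries {
    $entries = @()

    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $hive = if ($key.StartsWith('HKCU')) { 'HKCU:' } else { 'HKLM:' }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }              # skip PSPath/PSParentPath/... metadata
            $target = Get-TargetPath -Command ([string]$p.Value)
            $entries += [pscustomobject]@{
                Source  = $key; Name = $p.Name; Command = $p.Value; Target = $target
                Exists  = Test-Path -LiteralPath $target -PathType Leaf
                State   = Get-StartupApprovedState -Name $p.Name -Hive $hive
            }
        }
    }

    # Startup folders: resolve .lnk shortcuts to their targets through the WScript.Shell COM object
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $folder -File) {
            $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
            $entries += [pscustomobject]@{
                Source  = $folder; Name = $f.Name; Command = $f.FullName; Target = $target
                Exists  = ($target -ne '') -and (Test-Path -LiteralPath $target -PathType Leaf)
                State   = Get-StartupApprovedState -Name $f.Name -Hive 'HKCU:'
            }
        }
    }

    # Orphans are the ones Autoruns would show in yellow: an autostart record whose file is gone
    $entries | Where-Object { -not $_.Exists }
}

Get-OrphanedStartupEntries | Format-Table Source, Name, Target, State -AutoSize
```

An orphaned entry with `State` of `Disabled` is one that Task Manager still lists even though nothing will ever run from it; deleting the Run-key value (or the shortcut) and the matching StartupApproved value clears it from both places. Run the script elevated to see the HKLM entries as well.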
  11. Upvote
    el el amiril gave kudos to Marcos in Suspicious startup app   
    Didn't find anything suspicious. I have no idea where Task manager gets it from since the string was not present in registry keys containing applications that were disabled from running.
  12. Upvote
    el el amiril gave kudos to Marcos in win64/agent cfm/ osx agent   
    It's a forum announcement for those who have encountered the said detections and have 3CX Desktop application installed. The announcement redirects to an alert on 3CX vendor's website.
  13. Upvote
    el el amiril gave kudos to Marcos in Suspicious startup app   
    Please provide logs collected with ESET Log Collector. Screenshots alone are useless.
  14. Upvote
    el el amiril gave kudos to Marcos in Cannot download driverpack using idm   
    It's a potentially unwanted application. If you want to use it regardless, add the blocked url to the list of allowed URLs in the advanced setup -> Web access protection -> URL management.
  15. Upvote
    el el amiril gave kudos to itman in I have Ransomware virus. what can I do?   
    Assumed is the OP did not have Eset installed when he was infected with ransomware. If Eset was installed, he would be "ranting" how Eset didn't detect it.
  16. Upvote
    el el amiril gave kudos to Marcos in I have Ransomware virus. what can I do?   
    I've just come across a case where the user downloaded a KMS "activator":
    27. 3. 2023 20:33:45    Real-time file system protection    file    D:\SOFT  WIN10\Ofimatika\Office Professional Plus 2021 AIO 2 In 1 - 2202 (build 14931.20132) - Ita (23 Aprile 2022) by GRISU\Activator_KMS_VL_ALL_AIO\KMS_VL_ALL_AIO.exe    Win32/Filecoder.Crysis.P trojan    cleaned by deleting   Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (6DAB8C3822A0CAB5B621FD2B7F16AEBB159BCB56).  
    Because it was detected and ESET allegedly prevented it from running, he paused protection, thinking that activation will succeed then. Instead the ransomware was run and encrypted files.
  17. Upvote
    el el amiril gave kudos to Marcos in for those who thinking Windows7 and Nod32 is safe   
    Microsoft ended support for Windows 7 on Jan 14, 2020:
    https://support.microsoft.com/en-us/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962
    As of then the OS became vulnerable since no security updates were released. Also, you have NOD32 Antivirus installed, which provides basic protection, i.e. network protection is missing, as well as ESET LiveGuard (available in ESET Smart Security Premium), which performs analysis of suspicious downloaded files in a cloud sandbox before the files are allowed to run.
  18. Upvote
    el el amiril gave kudos to Marcos in False positives of Windows system file detection   
    More AVs detected those files initially, some were detected by Microsoft as well. We hope that Microsoft will start to sign their files or take other measures in cooperation with AV vendors to prevent false positives on non-prevalent files.
  19. Upvote
    el el amiril gave kudos to itman in memory integrity windows 10   
    Win 10/11 HVMI and HVCI should never be disabled unless there are serious operational problems with using Windows on the device. Win10/11 advanced protection mechanisms rely on HVMI and HVCI being operational.