The second screenshot you provided is just what the name says: a sample config.
There are a whole host of options that can be added the wp-config.php file to customize the WordPress site for individual needs. See: https://developer.www.ads-software.com/apis/wp-config-php/
That said, bad actors — after leveraging some other vulnerability on the site — may also be able to add their own dirty laundry.
The line…
define( 'DISALLOW_FILE_EDIT', true );
… simply disables the code editor for editing theme and plugin files in the admin dashboard. This is added (manually or automatically by security plugins) as a security feature. See the official documentation here: https://developer.www.ads-software.com/apis/wp-config-php/#disable-the-plugin-and-theme-file-editor.
As to what follows, I can’t tell you what it is or what it does (or even if it’s a sign of a compromised site)… because you’ve blanked it out and I can’t see it.
That said, the code seems to be referencing some site directory inside wp-includes/blocks/, but the latest version of WordPress doesn’t ship with such a directory: https://core.trac.www.ads-software.com/browser/tags/6.4.3/src/wp-includes/blocks
Good luck!
