Static | ZeroBOX

PE Compile Time

2105-04-10 06:52:27

PDB Path

C:\Users\admin\Downloads\Disable WD (1)\ABC\ABC\obj\Release\ABC.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00001e38    0x00002000        5.57058510135
.rsrc   0x00004000       0x000010e4    0x00001200        4.93096460282
.reloc  0x00006000       0x0000000c    0x00000200        0.0815394123432

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x00004090  0x000002ec  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x0000438c  0x00000d53  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
  0x402000  _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
advapi32
ToInt32
cbReserved2
lpReserved2
<Module>
TOKEN_READ
STANDARD_RIGHTS_READ
STANDARD_RIGHTS_REQUIRED
TOKEN_ADJUST_SESSIONID
TOKEN_QUERY_SOURCE
TOKEN_TYPE
TOKEN_DUPLICATE
TOKEN_IMPERSONATE
TOKEN_MANDATORY_LABEL
SECURITY_IMPERSONATION_LEVEL
SeparateWOWVDM
PROCESS_INFORMATION
STARTUPINFO
TOKEN_ADJUST_PRIVILEGES
SID_AND_ATTRIBUTES
SECURITY_ATTRIBUTES
TOKEN_ADJUST_GROUPS
TOKEN_INFORMATION_CLASS
TOKEN_ALL_ACCESS
TOKEN_ADJUST_DEFAULT
CreateProcessWithTokenW
TOKEN_ASSIGN_PRIMARY
TOKEN_QUERY
value__
SetQuota
mscorlib
get_Id
dwThreadId
TokenSessionId
dwProcessId
processId
VirtualMemoryRead
CreateThread
hThread
Suspended
TokenVirtualizationEnabled
lpReserved
TokenVirtualizationAllowed
StringSid
TokenLogonSid
ConvertStringSidToSid
ptrSid
InvokeMethod
TokenSessionReference
TokenSource
set_ExitCode
DefaultErrorMode
IDisposable
get_Handle
DuplicateHandle
DuplicateTokenHandle
ExistingTokenHandle
ProcessHandle
bInheritHandle
WithProfile
IsInRole
WindowsBuiltInRole
NewConsole
lpTitle
lpApplicationName
GetProcessesByName
lpCommandLine
ValueType
TokenType
TokenElevationType
Dispose
Terminate
VirtualMemoryWrite
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ABC.exe
dwXSize
dwYSize
Synchronize
SizeOf
System.Runtime.Versioning
ToString
TokenInformationLength
StartsWith
WinApi
AllocHGlobal
Marshal
System.Security.Principal
WindowsPrincipal
TokenDefaultDacl
TokenImpersonationLevel
TokenIntegrityLevel
advapi32.dll
kernel32.dll
Program
System
TokenLinkedToken
DuplicateToken
hExistingToken
hToken
OpenProcessToken
phNewToken
TokenOrigin
get_Location
QueryLimitedInformation
SetTokenInformation
TokenAccessInformation
lpProcessInformation
SetInformation
QueryInformation
TokenImpersonation
VirtualMemoryOperation
TokenElevation
System.Reflection
ManagementObjectCollection
lpStartupInfo
lpDesktop
NewProcessGroup
TokenPrimaryGroup
ManagementObjectSearcher
TokenOwner
ImpersonateLoggedOnUser
TokenUser
hStdError
ManagementObjectEnumerator
GetEnumerator
lpSecurityDescriptor
StructureToPtr
IntPtr
TokenStatistics
System.Diagnostics
TokenRestrictedSids
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
TokenGroupsAndPrivileges
TokenPrivileges
lpTokenAttributes
dwLogonFlags
dwCreationFlags
TokenAccessFlags
ProcessAccessFlags
dwFlags
TokenHasRestrictions
TokenGroups
dwXCountChars
dwYCountChars
TokenInformationClass
MaxTokenInfoClass
TokenUIAccess
dwDesiredAccess
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
Concat
ManagementBaseObject
ManagementObject
System.Management
UnicodeEnvironment
lpEnvironment
get_Current
GetCurrent
ExtendedStartupInfoPresent
TokenSandBoxInert
Convert
hStdInput
hStdOutput
MoveNext
wShowWindow
DuplicateTokenEx
TokenAuditPolicy
TokenMandatoryPolicy
GetEntryAssembly
NetCredentialsOnly
TokenPrimary
lpCurrentDirectory
WindowsIdentity
WrapNonExceptionThrows
Copyright
2022
$f1e836c1-2279-49b3-84cc-ed8b048fcc44
1.0.0.0
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
C:\Users\admin\Downloads\Disable WD (1)\ABC\ABC\obj\Release\ABC.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config.
Makes the application long-path aware. See https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
winlogon
MsMpEng
S-1-16-0
Select * From Win32_Process Where ProcessID =
GetOwner
NO OWNER
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
ABC.exe
LegalCopyright
Copyright
2022
LegalTrademarks
OriginalFilename
ABC.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus             Signature
Bkav                  W32.AIDetectMalware.CS
Lionic                Trojan.Win32.Generic.4!c
tehtris               Clean
ClamAV                Clean
CMC                   Clean
CAT-QuickHeal         Clean
Skyhigh               Artemis
ALYac                 Gen:Variant.Marsilia.120322
Cylance               Unsafe
Zillya                Clean
Sangfor               Trojan.Msil.Agent.Vmng
K7AntiVirus           Trojan ( 005b44321 )
Alibaba               Clean
K7GW                  Trojan ( 005b44321 )
Cybereason            malicious.786eff
Baidu                 Clean
VirIT                 Clean
Paloalto              generic.ml
Symantec              ML.Attribute.HighConfidence
ESET-NOD32            a variant of MSIL/Agent.WVD
APEX                  Clean
Avast                 Win32:MalwareX-gen [Trj]
Cynet                 Clean
Kaspersky             Clean
BitDefender           Gen:Variant.Marsilia.120322
NANO-Antivirus        Clean
ViRobot               Clean
MicroWorld-eScan      Gen:Variant.Marsilia.120322
Tencent               Clean
TACHYON               Clean
Sophos                Mal/Generic-S
F-Secure              Clean
DrWeb                 Trojan.AVKillNET.1
VIPRE                 Gen:Variant.Marsilia.120322
TrendMicro            Clean
McAfeeD               ti!33D9753EE9B3
Trapmine              Clean
FireEye               Gen:Variant.Marsilia.120322
Emsisoft              Gen:Variant.Marsilia.120322 (B)
SentinelOne           Static AI - Suspicious PE
GData                 Gen:Variant.Marsilia.120322
Jiangmin              Clean
Webroot               Clean
Varist                W32/ABRisk.HYUN-5876
Avira                 Clean
Antiy-AVL             HackTool[VirTool]/MSIL.EvilGDefByp
Kingsoft              Clean
Gridinsoft            Trojan.Win32.Gen.vl!n
Xcitium               Clean
Arcabit               Trojan.Marsilia.D1D602
SUPERAntiSpyware      Clean
ZoneAlarm             Clean
Microsoft             VirTool:MSIL/EvilGDefByp.B
Google                Detected
AhnLab-V3             Clean
Acronis               Clean
McAfee                Artemis!2808310786EF
MAX                   malware (ai score=89)
VBA32                 Clean
Malwarebytes          Generic.Malware/Suspicious
Panda                 Clean
Zoner                 Clean
TrendMicro-HouseCall  TROJ_GEN.R011H09DA24
Rising                Trojan.Agent!8.B1E (CLOUD)
Yandex                Trojan.Agent!VQsmwBxmWCg
Ikarus                Trojan.MSIL.Agent
MaxSecure             Trojan.Malware.237955255.susgen
Fortinet              PossibleThreat
BitDefenderTheta      Clean
AVG                   Win32:MalwareX-gen [Trj]
DeepInstinct          MALICIOUS
CrowdStrike           win/malicious_confidence_60% (D)
alibabacloud          Trojan:MSIL/Marsilia.Gen
No IRMA results available.