MSSQL session sequence performing automated server reconnaissance through multiple sp_server_info calls, case-sensitivity probing, charset and configuration enumeration from master.dbo tables, and session environment adjustments (set textsize, set arithabort on). The observed queries indicate scripted capability discovery and environment profiling based strictly on database command activity.

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service