Strange queries found in XEvent Profiler

Question

I found the given code in SQL XEvent Profiler, these set of queries returning my server hard drives information, username showing 'sa' and client_app_name showing 'Microsoft SQL Server Management Studio' I do not have any clue about these queries, can you let me know what sort of access it is:

create table #fixdrv ( Name sysname NOT NULL, Size int NOT NULL, Type sysname NULL )        
insert #fixdrv (Name, Size) EXECUTE master.dbo.xp_fixeddrives      
update #fixdrv set Type = 'Fixed' where Type IS NULL   
insert #fixdrv (Name, Size)EXECUTE master.dbo.xp_fixeddrives 1    
update #fixdrv set Type = 'Remote' where Type IS NULL    
insert #fixdrv (Name, Size) EXECUTE master.dbo.xp_fixeddrives 2    
update #fixdrv set Type = 'Removable' where Type IS NULL      
insert #fixdrv (Name, Size) EXECUTE master.dbo.xp_fixeddrives 3    
update #fixdrv set Type = 'CD-ROM' where Type IS NULL         
update #fixdrv set Name = Name + ':'        
SELECT *  FROM #fixdrv      
drop table #fixdrv     

Answer 1

Hi @Abdul Samad Patel
This script uses an undocumented SQL Server extended stored procedure named xp_fixeddrives.
The xp_fixeddrives (extended stored procedure) returns a record set that contains the number of megabytes of free space for each physical drive associated with the SQL Server
machine.
To use the results in T-SQL logic, then store the results in a temporary table : #fixdrv.

BTW, The obvious disadvantage with xp_fixeddrives is that it doesn’t return the total size of the disks, only the free space.
As from SQL Server 2008R2 there is a new method to get disk size information by using the function sys.dm_os_volume_stats which also returns information on total space on each drive.

Best regards,
LiHong

Answer 2

Correct !

but I do not know who applied that query on my server, I afraid of my server hacked.