Kdmapper.exe _hot_

Once it has "a foot in the door" via the exploit, it manually maps the user’s unsigned driver into kernel memory and executes it.

High-level anti-cheats (like Vanguard or BattlEye) often monitor for the presence of the specific vulnerable drivers used by kdmapper.exe

manually allocates memory and maps the payload driver's sections, resolving imports and relocations itself. Once it has "a foot in the door"