Hybrid Analysis develops and licenses analysis tools to fight malware.
![where is poolmon.exe located where is poolmon.exe located](https://i.imgur.com/lGwHYnh.png)
#WHERE IS POOLMON.EXE LOCATED FOR FREE#
Then start C:Program Files (x86)Windows Kits10Tools圆4Poolmon.exe. Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. See this superuser question for more info. Download and install WDK from Microsoft website. Repeat these steps for two hours at 15 minute intervals. Use the following steps to copy and store the tag information. Install the WDK to get poolmon.exe The tool is located here after you installed the WDK: 'C:\Program Files (x86)\Windows Kits\8.0\Tools\圆4\poolmon. Default location after installing the kit is \10\Tools\圆4\poolmon.exe the default install directory is C:\Program Files (x86)\Windows Kits Running that will let you see which driver is using the RAM. Poolmon.exe is available in the Windows NT 4.0 Resource Kit and in the SupportTools folder of Windows 2000, Windows XP, and Windows Server 2003 CD-ROMs. You will need a tool called poolmon that you can get from Windows Driver Kit. If you don't directly see a system process that could be the issue, the process is a little more involved. I recently repaired a system where the non paged pool fgrew (like yours) to 10GB and Audio services were taking up 25% CPU time on a i5-6600k, deleting the audio driver and rebooting fixed the issue. You might get some insight as to what the issue is. If you right click that process you can "Go to service" to see which service is causing it. If you go to the processes tab and sort by CPU usage, you might see some svchost processes taking up more CPU than they should (no svchost process should really take more than 1-2% cpu on your build). This is usually indicative of a memory leak within either windows or a device driver.
![where is poolmon.exe located where is poolmon.exe located](https://i.stack.imgur.com/6TZMi.png)
Which build of Windows are you running? The reason your RAM is being maxxed out is your non-paged pool is very high.