
Extremely slow during and post-install #734

@GeneralErrorOK


What's the problem?

I'm fairly new to FlareVM, but not really new to software RE and digital forensics. I wanted to use FlareVM to build a malware analysis VM on my Mac. The issue is:

I have an Apple MacBook Pro M4 (Apple Silicon) with 48 GB of RAM. Quite a fast machine. I created a Windows 11 ARM VM on VMware Fusion that runs like a charm. The VM gets 16GB of system RAM and 6 logical CPU cores. Installation of FlareVM took quite a long time, somewhere around 36 hours. After installation the system itself is snappy, but all tools (I haven't tried them all but did try a lot) take a LONG time to start/load. Even a simple CLI tool like FLOSS or a Python REPL, or a fairly small GUI application like Detect-It-Easy might take around 10 minutes to load. All other applications, Windows system tools, load/start very fast and feel snappy.

I assumed it was because of the translation layer that Windows adds because of the x86 binaries on an ARM machine.

So I grabbed another laptop, running Debian 13 on an Intel Core i9 with 64GB of RAM. I used VirtualBox to create a Windows 11 Pro VM and gave it 32GB of RAM and 6 cores as well. On this machine the installation took 5 days! And afterwards I have the same problem... The tools take around 10 to 15 minutes to load. Even the Windows Terminal seems to hang/stall for around a minute after opening it from the menu (that feels snappy and fine otherwise).

I've tried analysing the problem with Process Explorer and Task Manager but all seems fine. The system seems idle while loading/waiting. No disk activity, no network, no CPU usage, it just waits for 10 minutes and then suddenly the application's there. Like they are waiting for some process to time out?

I have no clue where to start troubleshooting this. Is there anyone who is less clueless? :)

P.S. I've included environment information of my primary case, the Apple MacBook, but to be certain: I've observed the same effects on my x86 machine. I can include environment information of this host and VM later today or tomorrow.

Steps to Reproduce

  1. Install clean Windows version
  2. Follow all install instructions to the letter
  3. Install with GUI and default options
  4. System grinds to a halt

Environment

macOS 26.0.1 (25A362)
VMware Fusion Professional Version 13.6.3 (24585314)
Windows 11 10.0.26100
PowerShell 5.1.26100.6899
Chocolatey 2.5.1 (also takes 20 seconds to get from "choco --version")
Boxstarter 3.0.3

Host Information

VM OS version and Service Pack

Version : 10.0.26100
BuildNumber : 26100
OSArchitecture : ARM 64-bit Processor
ServicePackMajorVersion : 0
Caption : Microsoft Windows 11 Pro

VM OS RAM (MB)

16384

VM OS HDD Space / Usage

DeviceID  DriveType  ProviderName  VolumeName                        Size          FreeSpace
C:        3                                                          67790434304   15674208256
D:        5                        Windows11_26100.4349_Professiona  5266925568    0
E:        3                        4N6                               206158426112  200487129088

VM AV Details

AntiVirusProduct classname does not exist...

VM PowerShell Version

5.1.26100.6899

VM CLR Version

4.0.30319.42000

VM Chocolatey Version

2.5.1

VM Boxstarter Version

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3

VM Installed Packages

010editor.vm|16.0.1
7zip.vm|23.1.0.20250902
advanced-installer.vm|22.9.0.20250729
angr.vm|9.2.157
apimonitor|2.13.0.20210213
apimonitor.vm|2.13.0.20250219
apktool.vm|2.12.0
asar.vm|4.0.0.20250731
autohotkey|2.0.19
autohotkey.install|2.0.19
autoit-ripper.vm|1.1.2.20250219
binaryninja.vm|4.2.6455.20250814
bindiff.vm|8.0.0.20250505
blobrunner.vm|0.0.5.20250219
blobrunner64.vm|0.0.5.20250219
Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3
bytecodeviewer.vm|2.13.1
capa.vm|9.2.1
capa-explorer-web.vm|1.0.0.20250425
chocolatey|2.5.1
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.11.1
chocolatey-windowsupdate.extension|1.0.5
Cmder|1.3.25
cmder.vm|1.3.25.20250902
codetrack|1.0.3.301
codetrack.vm|1.0.3.20250505
common.vm|0.0.0.20250814
cryptotester.vm|1.7.3
cutter.vm|2.4.1
Cygwin|3.6.4
cygwin.vm|3.6.4.20250902
de4dot-cex.vm|4.0.0.20250505
debloat.vm|0.0.0.20250731
dependencywalker|2.2.6000.9
dependencywalker.vm|2.2.6000.20250219
dex2jar.vm|2.3.0.20250219
didier-stevens-beta.vm|0.0.0.20250430
didier-stevens-suite.vm|0.0.0.20250430
die.vm|3.10.20250505
dll-to-exe.vm|1.1.20250219
dnlib.vm|4.0.0.20250505
dnspyex.vm|6.5.1.20250505
dotdumper.vm|1.1.0.20250505
DotNet3.5|3.5.20241212
dotnet-5.0-desktopruntime|5.0.17
dotnet-6.0-desktopruntime|6.0.36
dotnet-6.0-runtime|6.0.36
dotnet-6.0-sdk|6.0.428
dotnet-6.0-sdk-4xx|6.0.428
dotnet-6.vm|0.0.0.20250509
dotnet-8.0-desktopruntime|8.0.20
dotnet-8.vm|0.0.0.20250509
dotnetfx|4.8.0.20220524
exeinfope.vm|0.0.7.20250505
exiftool|13.33.0
exiftool.vm|13.33.0
explorersuite.vm|0.0.0.20250219
extreme_dumper.vm|4.0.0.20250505
ezviewer.vm|2.0.0.20250430
fakenet-ng.vm|3.5.0.20250415
file.vm|0.0.0.20250505
floss.vm|3.1.1.20250505
garbageman.vm|0.2.4.20250505
ghidra|11.4.2
ghidra.vm|11.4.2
git|2.51.0.2
git.install|2.51.0.2
goresym.vm|3.1.2
gostringungarbler.vm|1.0.0.20250505
graphviz|14.0.1
hasher.vm|2.1.0.20250505
hashmyfiles.vm|0.0.0.20250505
hollowshunter.vm|0.4.1.20250917
hxd|2.5.0
hxd.vm|2.5.0.20250715
ida.plugin.capa.vm|9.2.1.20250715
ida.plugin.comida.vm|0.0.0.20250715
ida.plugin.dereferencing.vm|0.0.0.20250715
ida.plugin.diaphora.vm|3.2.1.20250715
ida.plugin.flare.vm|0.0.0.20250715
ida.plugin.hrtng.vm|2.4.30.20250715
ida.plugin.ifl.vm|1.4.4.20250715
ida.plugin.xray.vm|0.0.0.20250715
ida.plugin.xrefer.vm|1.0.3.20250715
idafree.vm|9.1.0
idr.vm|0.0.0.20250430
ifpstools.vm|2.0.3.20250716
ilspy|9.1.0
ilspy.vm|9.1.0.20250505
imhex|1.35.4
imhex.vm|1.35.4.20250715
innoextract.vm|1.9.0.20250716
innounp.vm|0.50.0.20250716
installer.vm|0.0.0.20250801
internet_detector.vm|1.0.0.20250805
ipython.vm|8.27.0.20250902
isd.vm|1.5.0.20250716
js-beautify.vm|1.15.1.20250730
js-deobfuscator.vm|0.0.0.20250730
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
KB3063858|1.0.0
keystone.vm|0.9.2
libraries.python3.vm|0.0.0.20250730
magika.vm|0.5.0.20250505
malware-jail.vm|0.0.0.20250730
map.vm|0.0.0.20250507
microsoft-office.vm|0.0.0.20250423
microsoft-office-deployment|16.0.19231.20072
nasm|2.16.3
nasm.vm|2.16.3.20250902
netfx-4.8|4.8.0.20220524
net-reactor-slayer|6.4.0
net-reactor-slayer.vm|6.4.0.20250505
networkminer.vm|3.0.0.20250505
nmap.vm|7.98.0
nodejs|22.12.0
nodejs.install|22.12.0
nodejs.vm|0.0.0.20250730
notepadplusplus|8.8.5
notepadplusplus.install|8.8.5
notepadplusplus.vm|8.8.5
notepadpp.plugin.compare.vm|2.0.2.20250902
notepadpp.plugin.jstool.vm|1.2312.0.20250902
notepadpp.plugin.xmltools.vm|3.1.1.20250902
npcap.vm|1.83.0
obfuscator-io-deobfuscator.vm|0.0.0.20250730
offvis.vm|1.0.0.20250505
onenoteanalyzer.vm|0.0.0.20250430
openjdk|21.0.1
openjdk.vm|0.0.0.20250218
pdbresym.vm|1.3.6.20250509
pdfstreamdumper.vm|0.9.634.20250430
pe_unmapper.vm|1.0.20250219
pebear|0.7.1
pebear.vm|0.7.1
peid.vm|0.95.0.20250219
pesieve|0.4.1
pesieve.vm|0.4.1
pestudio.vm|0.0.0.20250219
pkg-unpacker.vm|1.0.0.20250730
pma-labs.vm|0.0.0.20250219
procdot.vm|1.22.57.20250219
processdump.vm|2.1.1.20250219
psnotify.vm|0.2.4.20250505
pycdas.vm|0.0.0.20250716
pycdc.vm|0.0.0.20250716
python3|3.10.11
python3.vm|0.0.0.20250801
python310|3.10.11
rat-king-parser.vm|4.0.1.20250219
recaf.vm|2.21.14.20250219
reg_export.vm|1.3.0.20250219
registry_explorer.vm|2.0.0.20250814
regshot.vm|1.9.1.20250506
resourcehacker.portable|5.2.8
resourcehacker.vm|0.0.0.20250402
rundotnetdll.vm|2.2.0.20250505
scdbg.vm|0.0.0.20250219
sclauncher.vm|0.0.6.20250219
sclauncher64.vm|0.0.6.20250219
setdefaultbrowser|1.5.0
shellcode_launcher.vm|0.0.0.20250219
sysinternals.vm|0.0.0.20250804
systeminformer.vm|3.2.25113
ttd.vm|1.11.553
uncompyle6.vm|3.9.2.20250716
uniextract2.vm|2.0.0.20250219
unpyc3.vm|0.0.0.20250716
upx.vm|5.0.2
vbdec.vm|1.0.917.20250716
vb-decompiler-lite.vm|0.0.0.20250804
vcbuildtools.vm|0.0.0.20250729
vcredist140|14.42.34438.20250221
vcredist140.vm|0.0.0.20250220
vcredist2005|8.0.50727.619501
vcredist2008|9.0.30729.616104
vcredist2010|10.0.40219.32503
vcredist2012|11.0.61031.20230518
vcredist2013|12.0.40660.20180427
vcredist2015|14.0.24215.20170201
vcredist2017|14.16.27052
vcredist-all|1.0.1
visualstudio2017buildtools|15.9.58
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
vscode|1.104.0
vscode.extension.jupyter.vm|2024.6.2024060601.20250218
vscode.extension.python.vm|2024.9.20250218
vscode.install|1.104.0
vscode.vm|1.104.0
windbg.vm|1.2508.27001
windows-terminal.vm|1.22.12111
windump.vm|0.3.0.20250815
wireshark|4.4.9
wireshark.vm|4.4.9
x64dbg.plugin.dbgchild.vm|20250430.0.0
x64dbg.plugin.ollydumpex.vm|1.84.0.20250430
x64dbg.plugin.scyllahide.vm|1.4.20250430
x64dbg.plugin.x64dbgpy.vm|1.0.59.20250430
x64dbg.vm|2025.8.19
yara|4.5.3
yara.vm|4.5.3.20250613

Common Environment Variables

VM_COMMON_DIR: E:\FlareVM_VM
TOOL_LIST_DIR: C:\Users\wille\Desktop\Tools
RAW_TOOLS_DIR: E:\FlareVM\Tools

Additional Information

No response
