
CanalesOcultos last won the day on August 10

CanalesOcultos had the most liked content!


I have a few issues with this tbh. Sandboxie is super easy to detect; most commercial malware easily detects it's running in this, and many have even found ways to beat it. If we take a stroll over here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18748, Sandboxie basically said that because you can run a command and completely escape their controls over the sandbox, it was within the realm of expected use. If you wanna have some fun, seriously just scan registry permissions within a Sandboxie setup, and watch for when you actually make changes to the host without being noticed. /sigh/

Even if you containerize absolutely everything, which is all Sandboxie functionally does (see also Comodo's ransomware protection), and run it in a VM, then you're victim to oversimplifying. As such, you'll grow accustomed to providing real information over a known bad environment, ruining the entire purpose. VPNs can MITM your traffic just as much as "encrypt" it. As well, nearly every VPN provider that's ever said they don't keep user logs has been hacked and proven lying (see HideMyAss). It's much more advisable to use SSL everywhere within your container within your VM if you're trying to encrypt. Personally I'd advise AGAINST OctoVPN because sites like https://wtfismyip.com/ can easily still grab the internal IP and often IPv6 of users, and websites like eBay can detect your real IP based on WASM and local fingerprinting. Another objectively safe idea is limiting scripts running to those you know or trust; there are many extensions for every browser for this, but very few browsers natively give you that control to block.

Just for a malware C2, at minimum, I'd run with two VMs, one being host-only networking, the other having all traffic through Tor. The host-only network one would be my C2 with a SOCKS proxy to a port on the other. The other would then have network traffic through Tor and run an SSH proxy for a SOCKS tunnel to MY OWN cloud instance, Docker instance, or OVH.

PS, fuck OVH. There I said it. Anyway, this gives me complete control of my own scalable infrastructure: if someone owns my C2 service they won't likely hit anything in my real network, and if they gain root to my VM and then VM escape, well, that's a risk I'm willing to take with a dumpster laptop. That seems a bit dramatic, so let's try another scenario: you're just a privacy-focused gamer who thinks "omg someone gonna does the bootingz of me" and therefore you get convinced to use a VPN or OVH (or any cloud service for proxy or VPN). Any VPN that someone else controls automatically has you agree to their certificate and their certificate authority, meaning once it's saved on your computer you /won't/ be hassled by most any certificate errors because you already agreed to trust those. Grounds for MITM attacks, any VPN ever. Most of these free VPNs you can hop on and use bettercap still to do a MITM attack. Most cheap ones don't actually encapsulate all your traffic, and IPsec or not, it only encrypts between you and them, not from them outbound.

My suggestion for handling these is you go hit up Riseup's VPN service. Donate while you're at it. It's one of the few that doesn't have data leaks (re: the wtfismyip.com link I posted earlier doesn't leave data behind, and other tools like eBay's fingerprinting can't determine local IPs). Once you understand how all this works, you'll see just grabbing a sandbox or just grabbing a VPN isn't inherently safe or in many cases even a safer way to browse the internets or play games. Sometimes all you've done is cause more problems for yourself. But keep learning, and don't get settled on one thing like that.