As pointed out by another comment above, exfiltration then becomes the risky step.
If that did exist, you'd still have to get packets out through an unknown network, running unknown detection tools. Possible, but dicey over the intermediate term.
Who's to say they didn't just plug a box in, run a fake workload on it, and put all network traffic it emits under a microscope?
Seems like you could just blast it out on one of the endless Microsoft telemetry or update channels that are chatting away all day and either intercept outside the network or with Microsoft's help. Only way to protect against that would be blocking all internet access.
If that did exist, you'd still have to get packets out through an unknown network, running unknown detection tools. Possible, but dicey over the intermediate term.
Who's to say they didn't just plug a box in, run a fake workload on it, and put all network traffic it emits under a microscope?