Escaping a virtual machine isn't unheard of. If I were a betting man then I would place good money that this, being a data dump of a state, could contain state-sponsored 0-days designed to escape such things.

Last escape from hardware virtualization on Qubes OS that I'm aware of was in 2006, by the Qubes founder: https://en.wikipedia.org/wiki/Blue_Pill_%28software%29.

I’d only touch this stuff with an airgapped machine which is imaged before and after.

And even then there are ways to put malware into BIOS and disk firmware. Seriously: only a throwaway machine.

On a Pinephone or Librem 5, there is no such semi-writable firmware. You can wipe them fully AFAIK.

Put it on a stone tablet to be on the safe side

Sorry I actually meant virtual virtual machines - they don’t even exist. Truly the only secure option.

And viruses have adapted to that for well over a decade.

And add to that, I would most certainly not trust a normal virtual machine to be a big enough boundary.

And why Baphomet gave us hypervisor escapes.

time to have a HN-swarm of static analysis