A case-study for static and dynamic testing of Win10 enterprise rollout images. How this saved an organization from deploying an image that would have resulted in 10,000+ machines being remotely controlled by an adversary for ransom. Hardening reviews, configuration management, app whitelisting effectiveness, encryption recovery, and the ability to detect and defeat sleeper malware are described.