So my dumb ass ran babyFTP in Windows 11 with all permissions without switching from home network to mesh network. Everything was normal until my transfer suddenly stopped, and when I went to restart the server it said "7 connections terminated".

So what now? It had a browser vault and what I assume are decrypted emails via the Microsoft mail.

Should I dd it and do forensics as to what ran in powershell and what files changed most recently?

Nuke and pave?

Is EVERY password in that browser vault burned?

  • PaX [comrade/them, they/them]
    3 months ago

    Yeah, the safe path is to nuke the machine and consider all passwords compromised.

    What do you mean by "without switching from home network to mesh network"? What network was the system connected to? Also, if you had a transfer running, some FTP clients will open multiple connections to the server, which could explain your "7 connections terminated" message. Can you check the FTP server logs to see what exactly happened?

  • FumpyAer [any, comrade/them]
    3 months ago

    Make a Medicat bootable USB, boot to the stripped-down Windows, and do like 3 different virus scans.

    Then boot without internet access, grab any files you need, and nuke it.

    I'd change any important account passwords.

    • AssortedBiscuits [they/them]
      3 months ago

      Is there a difference between Medicat and Hiren's BootCD? I remember using Hiren's BootCD way back in the day.

      • FumpyAer [any, comrade/them]
        3 months ago

        Hiren's is better, actually (if it's still updated), but they're both great.

        Edit: the original Hiren's has been out of date for over 10 years, and the successor "Hiren's BootCD PE" very annoyingly doesn't label their releases with release dates. May or may not be up to date.