diff --git a/Ransomware/_ransom_cmd.md b/Ransomware/_ransom_cmd.md index 3e3f802..faa9a3e 100644 --- a/Ransomware/_ransom_cmd.md +++ b/Ransomware/_ransom_cmd.md @@ -6,6 +6,10 @@ Most common OS commands executed by ransomware - bcdedit /set {default} recoveryenabled no - bcdedit /set {current} safeboot minimal +## Fsutil +- fsutil usn deletejournal +- fsutil file setZeroData offset= + ## Netsh - netsh advfirewall set currentprofile state off - netsh firewall set opmode disable @@ -33,4 +37,4 @@ Most common OS commands executed by ransomware ## Wmic - wmic shadowcopy /nointeractive -- wmic shadowcopy delete \ No newline at end of file +- wmic shadowcopy delete
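Review bot: In the added Fsutil section, `fsutil file setZeroData offset=` ends in a dangling `offset=` with no value, length or file name, and `fsutil usn deletejournal` has no flag or volume, while the neighbouring Bcdedit and Netsh entries are complete command lines. fsutil's documented forms are `fsutil file setzerodata offset=<offset> length=<length> <filename>` and `fsutil usn deletejournal {/D | /N} <volumepath>`, so consider writing both entries with placeholders of that kind, so that readers turning this list into command-line detections know which arguments to expect. A short phrase per entry on what it does (removing the USN change journal, zeroing a file's data range) would also help, since the list otherwise gives no context for why these two belong here.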
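Review bot: The last hunk removes and re-adds `wmic shadowcopy delete` only to supply the missing newline at end of file, so the Wmic section shows as modified although its content is unchanged. That is fine to keep, but mention the whitespace fix in the commit message or split it out, so the history of the Wmic entries stays easy to read.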