diff --git a/Windows/Defense Evasion/Indicator_Removal_on_Host.md b/Windows/Defense Evasion/Indicator_Removal_on_Host.md index 635e4f78..5be6bba5 100644 --- a/Windows/Defense Evasion/Indicator_Removal_on_Host.md +++ b/Windows/Defense Evasion/Indicator_Removal_on_Host.md @@ -11,3 +11,17 @@ Clear system logs Clear Security logs wevtutil cl Security + +Clear Setup logs + + wevtutil cl Setup + +Clear Application logs + + wevtutil cl Application + +## Fsutil + +Manages the update sequence number (USN) change journal, which provides a persistent log of all changes made to files on the volume. + + fsutil usn deletejournal /D C: diff --git a/Windows/Exfiltration/Data_Compressed.md b/Windows/Exfiltration/Data_Compressed.md new file mode 100644 index 00000000..ac2307f9 --- /dev/null +++ b/Windows/Exfiltration/Data_Compressed.md @@ -0,0 +1,11 @@ +# File Deletion + +MITRE ATT&CK Technique: [T1002](https://attack.mitre.org/wiki/Technique/T1002) + +## PowerShell + + powershell.exe dir c:\* -Recurse | Compress-Archive -DestinationPath C:\test\Data.zip + +## Rar + + rar a -r exfilthis.rar *.docx
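Review bot: in the Indicator_Removal_on_Host.md hunk, the new `## Fsutil` section's description ("Manages the update sequence number (USN) change journal ...") documents fsutil in general but not what the command below it, `fsutil usn deletejournal /D C:`, actually does to that journal, so a reader of the cheat sheet cannot tell from the text that this entry removes the change journal rather than just manages it; add a one-line description of the `deletejournal` verb and the `/D` switch in the same style as the "Clear Setup logs" / "Clear Application logs" entries above it (action first, command indented below), and consider noting, as with the event-log entries, that this is the kind of action a defender would expect to see flagged under indicator removal.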
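Review bot: in the new Data_Compressed.md, the top-level heading `# File Deletion` does not match the file name or the technique it links (T1002, Data Compressed); it looks copied from another page and should read `# Data Compressed`. Secondary point on the PowerShell entry: the line `powershell.exe dir c:\* -Recurse | Compress-Archive -DestinationPath C:\test\Data.zip` mixes a cmd-style invocation with a PowerShell pipeline, so if pasted into cmd the `|` is handled by cmd and `Compress-Archive` is not found; either drop the `powershell.exe` prefix (as the wevtutil entries in the sibling file do) or wrap the whole pipeline in `powershell.exe -Command "..."`.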