diff --git a/BatchExamples/DFIRBatch.md b/BatchExamples/DFIRBatch.md index 9f396ed..d7f92be 100644 --- a/BatchExamples/DFIRBatch.md +++ b/BatchExamples/DFIRBatch.md @@ -70,7 +70,7 @@ Example entry, please follow this format: | 2.18 | 2025-09-01 | Added ConsentStore Artifacts | | 2.19 | 2025-09-02 | Added Desktop IconLayouts, DB Browser for SQLite and WinMerge Artifacts | | 2.20 | 2025-10-03 | Added PuTTY, CCleaner, File Shredder, Splashtop Artifacts | - +| 2.21 | 2026-01-06 | Added WOW6432Node Run Keys and Expanded Edge and Chrome Artifacts | # Documentation https://docs.microsoft.com/en-US/troubleshoot/windows-server/performance/windows-registry-advanced-users diff --git a/BatchExamples/DFIRBatch.reb b/BatchExamples/DFIRBatch.reb index eb56cbc..23b7b05 100644 --- a/BatchExamples/DFIRBatch.reb +++ b/BatchExamples/DFIRBatch.reb @@ -1,6 +1,6 @@ Description: DFIR RECmd Batch File Author: Andrew Rathbun -Version: 2.20 +Version: 2.21 Id: 6e68cc0b-c945-428b-ab91-c02d91c877b8 Keys: # @@ -2636,6 +2636,26 @@ Keys: Recursive: false Comment: "Program execution upon successful user logon" +# https://docs.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys + + - + Description: Run (SYSTEM) + HiveType: SOFTWARE + Category: Autoruns + KeyPath: WOW6432Node\Microsoft\Windows\CurrentVersion\Run + Recursive: false + Comment: "Program execution upon successful user logon" + +# https://docs.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys + + - + Description: RunOnce (SYSTEM) + HiveType: SOFTWARE + Category: Autoruns + KeyPath: WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce + Recursive: false + Comment: "Program execution upon successful user logon" + # https://docs.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys - 
@@ -3859,7 +3879,7 @@ Keys: Description: Google Chrome HiveType: NTUSER Category: Web Browsers - KeyPath: Software\Google\Chrome + KeyPath: Software\Google\Chrome* Recursive: true Comment: "Google Chrome Registry artifacts" - @@ -3926,7 +3946,7 @@ Keys: Description: Microsoft Edge HiveType: NTUSER Category: Web Browsers - KeyPath: Software\Microsoft\Edge + KeyPath: Software\Microsoft\Edge* Recursive: true Comment: "Microsoft Edge Registry artifacts" -
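Review bot: In the DFIRBatch.md hunk the new changelog row is written in place of the blank line that separated the table from the `# Documentation` heading (the `-` removes that blank line and `+| 2.21 | 2026-01-06 | ... |` takes its spot), so the table's last row now runs straight into the heading. Insert the 2.21 row above the blank line rather than instead of it, so the table is closed by an empty line before `# Documentation` in every Markdown renderer.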
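Review bot: In the `@@ -2636,6 +2636,26 @@` hunk the two new entries are described as `Run (SYSTEM)` and `RunOnce (SYSTEM)` with no mention of WOW6432Node, so in the RECmd output a hit from `WOW6432Node\Microsoft\Windows\CurrentVersion\Run` cannot be told apart from the native SOFTWARE Run key by its Description; name them something like `Run (SYSTEM, WOW6432Node)` and `RunOnce (SYSTEM, WOW6432Node)`. The RunOnce entry also reuses the Run comment `"Program execution upon successful user logon"`; because a RunOnce value is deleted once its command has run (the linked run-and-runonce page describes this), a comment along the lines of `"Program execution once at next logon; value is removed after it runs"` tells the analyst why this key is frequently empty.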
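Review bot: In the `@@ -3859,7 +3879,7 @@` hunk, `KeyPath: Software\Google\Chrome*` changes the entry from one exact key to a prefix match on every key under `Software\Google` whose name begins with `Chrome`, recursed via `Recursive: true`, yet the Description and Comment still read as if only `Software\Google\Chrome` were collected. Update the Comment to state the widened scope (e.g. `"Google Chrome Registry artifacts (all Software\Google\Chrome* keys)"`) and confirm that RECmd treats a trailing `*` inside a key-name segment as a prefix match, since the change relies on that behaviour.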
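Review bot: In the `@@ -3926,7 +3946,7 @@` hunk, `KeyPath: Software\Microsoft\Edge*` will also pull in any sibling key under `Software\Microsoft` that merely shares the `Edge` prefix, and with `Recursive: true` every subkey beneath each match, so the output for this entry can grow well beyond the browser's own key; if that is the intent behind the "Expanded Edge and Chrome Artifacts" changelog line, say so in the Comment (e.g. `"Microsoft Edge Registry artifacts (all Software\Microsoft\Edge* keys)"`) so an analyst reading the batch file knows the matches are deliberate.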