diff --git a/BatchExamples/DFIRBatch.md b/BatchExamples/DFIRBatch.md index d9532f0..a49f392 100644 --- a/BatchExamples/DFIRBatch.md +++ b/BatchExamples/DFIRBatch.md @@ -8,6 +8,7 @@ Special thanks to those who have contributed to this Batch file: * [Tony Knutson](https://twitter.com/bigt252002) * Chris Kudless * [Reece394](https://github.com/reece394) +* [ogmini](https://github.com/ogmini) # Version History @@ -58,6 +59,7 @@ Example entry, please follow this format: | 2.09 | 2024-12-19 | Added Angry IP Scanner Artifacts | | 2.10 | 2025-01-18 | Added System ProductType and ProductSuite Artifacts | | 2.11 | 2025-03-31 | Added Threat Hunt for WinLogon Shell and Userinit values | +| 2.12 | 2025-06-18 | Added Windows Notepad Artifacts | # Documentation diff --git a/BatchExamples/DFIRBatch.reb b/BatchExamples/DFIRBatch.reb index 8e9b9ec..ee1c032 100644 --- a/BatchExamples/DFIRBatch.reb +++ b/BatchExamples/DFIRBatch.reb @@ -1,7 +1,7 @@ Description: DFIR RECmd Batch File Author: Andrew Rathbun, esecrpm -Version: 2.11 -Id: 6e68cc0b-c945-428b-ab91-c02d91c877b8 +Version: 2.12 +Id: 6e68cc0b-c945-428b-a‘b91-c02d91c877b8 Keys: # # DFIRBatch README: https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/DFIRBatch.md 
@@ -3048,6 +3048,33 @@ Keys: Recursive: true Comment: "Displays artifacts relating to Angry IP Scanner" +# Third Party Applications -> Windows Notepad + + - + Description: Windows Notepad + HiveType: OTHER + Category: Third Party Application + KeyPath: Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32 + Recursive: true + Comment: "MRU from .\AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\SystemAppData\Helium\User.dat” + - + Description: Windows Notepad + HiveType: OTHER + Category: Third Party Application + KeyPath: Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths + Recursive: true + Comment: "TypedPaths from .\AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\SystemAppData\Helium\User.dat” + - + Description: Windows Notepad + HiveType: OTHER + Category: Third Party Application + KeyPath: Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 + Recursive: true + Comment: "MountPoints2 from .\AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\SystemAppData\Helium\User.dat” + +# https://ogmini.github.io/2025/06/12/Windows-Notepad-Revisiting-Application-Hive.html +# https://ogmini.github.io/research#windows-notepad + # -------------------- # CLOUD STORAGE # --------------------
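Review bot: in the DFIRBatch.reb header hunk, the new `Id:` line carries a stray `‘` character (`+Id: 6e68cc0b-c945-428b-a‘b91-c02d91c877b8`) that the removed line did not have; the Id is the batch file's stable identifier and should remain `6e68cc0b-c945-428b-ab91-c02d91c877b8`, so only the `Version: 2.12` bump belongs in that hunk. Suggest dropping the `-Id`/`+Id` pair so the Id line is unchanged.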
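Review bot: the three new `Comment:` values in the Windows Notepad hunk open with a straight `"` but close with a typographic `”` (for example `Comment: "MRU from .\AppData\Local\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\SystemAppData\Helium\User.dat”`); a YAML parser does not treat `”` as the closing quote, so the scalar runs on into the next entry and the batch file will fail to load. The existing entry directly above (`Comment: "Displays artifacts relating to Angry IP Scanner"`) uses straight quotes on both ends, so the three closers should be changed to `"`. A smaller point: all three entries use `Description: Windows Notepad`, which makes their rows indistinguishable in RECmd output; consider a per-key Description such as `Windows Notepad - ComDlg32 MRU`, `Windows Notepad - TypedPaths` and `Windows Notepad - MountPoints2`.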