Recbin

https://gchq.github.io/CyberChef/#recipe=Conditional_Jump('%5E(%5C%5Cx01%7C%5C%5Cx02)',true,'DoNothing',10)Subsection('%5E.',true,true,false)Conditional_Jump('%5E%5C%5Cx01',false,'Win7',10)Conditional_Jump('%5E%5C%5Cx02',false,'Windows10',10)Jump('Continue',10)Return()Merge()Label('Win7')Subsection('.%7B24%7D(.*)',true,true,false)Decode_text('UTF16LE%20(1200)')Find_/_Replace(%7B'option':'Regex','string':'%5E(.*).'%7D,'%5C%5CnDeleted%20File%20Path:%20$1',true,false,true,false)Merge()Jump('Continue',10)Label('Windows10')Subsection('.%7B28%7D(.*)',true,true,false)Decode_text('UTF16LE%20(1200)')Find_/_Replace(%7B'option':'Regex','string':'%5E(.*).'%7D,'%5C%5CnDeleted%20File%20Path:%20$1',true,false,true,false)Merge()Label('Continue')Subsection('%5E.%7B16%7D(.%7B8%7D)',true,true,false)Swap_endianness('Raw',8,true)To_Hex('None')From_Base(16)Windows_Filetime_to_UNIX_Timestamp('Seconds%20(s)','Decimal')From_UNIX_Timestamp('Seconds%20(s)')Find_/_Replace(%7B'option':'Regex','string':'%5E(.*UTC)'%7D,'%5C%5CnFile%20Deletion%20Time:%20$1',true,false,true,false)Merge()Subsection('%5E.%7B8%7D(.%7B8%7D)',true,true,false)To_Hex('None')Swap_endianness('Hex',8,true)From_Base(16)Find_/_Replace(%7B'option':'Regex','string':'%5E(.*)'%7D,'%5C%5CnDeleted%20File%20Size:%20$1',true,false,true,true)Merge()Find_/_Replace(%7B'option':'Regex','string':'%5E.%7B8%7D'%7D,'********%20WINDOWS%20RECYCLE%20BIN%20METADATA%20********',true,false,false,false)Label('DoNothing')