This is a false positive; see "Restic 0.10.0 for Windows and Jiangmin: false positive? - #2 by fd0" for a possible explanation.
The restic binaries are built reproducibly such that we can be sure that the release binaries match the source code on GitHub and do not include unexpected code.