Scouting

You can inspect packets using tcpdump and find the domain covidfunds.net, OR you can step through the program in the debugger, notice the string Y292aWRmdW5kcy5uZXQ= getting base64 decoded, base64 decode it yourself and you will find it decodes to covidfunds.net