This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.