This JavaScript module integrates with Puppeteer to automate credential harvesting and account takeovers. It calls https://nguyenvungocuyen2atgmail-com[.]onrender[.]com/api/get-mail to obtain disposable inbox credentials, and https://nguyenvungocuyen2atgmail-com[.]onrender[.]com/api/get-code to retrieve verification codes. It uses these values to fill and submit forms (e.g. on accounts.ebay.com), resets passwords, and constructs new passwords. Harvested data (email, original password, new password, first/last name, target URL) are appended in plaintext to a file named ketqua.txt in the working directory. Additionally, it exposes a helper to POST arbitrary messages (including harvested credentials) to Telegram via https://api[.]telegram[.]org/bot<token>/sendMessage. The combination of third-party mailbox control, automated takeover flows, persistent plaintext storage, console logging of credentials, and network exfiltration demonstrates clear malicious intent and a high security risk.