In [2]:
import shutil
import os

# Directory to delete
EXTRACT_DIR = '0'

# Check if the directory exists and delete it
if os.path.isdir(EXTRACT_DIR):
    shutil.rmtree(EXTRACT_DIR)
    print(f"Directory '{EXTRACT_DIR}' has been deleted.")
else:
    print(f"Directory '{EXTRACT_DIR}' does not exist.")

Directory '0' has been deleted.


In [3]:
import zipfile
import shutil
import os
import pandas as pd
print("CPU cores: ", os.cpu_count())

CPU cores:  144


In [4]:
def extract_zip(zip_path):

    if not zipfile.is_zipfile(zip_path):
        raise ValueError(f"The file at {zip_path} is not a valid ZIP archive.")
    
    # Determine the output directory name from the zip file name
    base_dir = os.path.dirname(zip_path)
    zip_filename = os.path.basename(zip_path)
    folder_name = os.path.splitext(zip_filename)[0]
    extract_to = os.path.join(base_dir, folder_name)

    # Create the directory if it doesn't exist
    if not os.path.exists(extract_to):
        os.makedirs(extract_to)

    # Extract the ZIP file
    with zipfile.ZipFile(zip_path, 'r') as zip_ref:
        zip_ref.extractall(path=extract_to)

    return extract_to


if __name__ == "__main__":
    zip_file_path = '0.zip' 
    extracted_dir = extract_zip(zip_file_path)
    print(f"Extracted to: {extracted_dir}")

Extracted to: 0


In [5]:
leak_directory = "0"

# Path to the __MACOSX folder
macosx_folder = os.path.join(leak_directory, "__MACOSX")

# Check if __MACOSX exists and remove it - creates issues when analyzing the data, and its not needed, made automatically by MacOS
if os.path.exists(macosx_folder) and os.path.isdir(macosx_folder):
    shutil.rmtree(macosx_folder)
    print(f"Deleted - {macosx_folder}")
else:
    print(f"Folder not found - {macosx_folder}")

# Organize files by extension into subfolders
for root, dirs, files in os.walk(leak_directory):
    for file in files:
        # Skip hidden files and __MACOSX if any reappear
        if file.startswith('.') or '__MACOSX' in root:
            continue

        # Get the file extension (in lowercase, without the dot)
        file_extension = os.path.splitext(file)[1].lower().lstrip('.')
        if not file_extension:
            file_extension = "no_extension"

        # Define the new subfolder path
        subfolder_path = os.path.join(leak_directory, file_extension)

        # Create the subfolder if it doesn't exist
        os.makedirs(subfolder_path, exist_ok=True)

        # Define source and destination paths
        source_path = os.path.join(root, file)
        destination_path = os.path.join(subfolder_path, file)

        # Move the file if source and destination are not the same
        if os.path.abspath(source_path) != os.path.abspath(destination_path):
            shutil.move(source_path, destination_path)

# Remove any empty folders within the parent directory
for dirpath, dirnames, filenames in os.walk(leak_directory, topdown=False):
    if not dirnames and not filenames:
        try:
            os.rmdir(dirpath)
            print(f"Removed empty folder: {dirpath}")
        except OSError:
            pass  

Deleted - 0/__MACOSX


In [6]:
# Delete Duplicate of 0 which is empty

# Directory to delete
EXTRACT_DIR = '0/0'

# Check if the directory exists and delete it
if os.path.isdir(EXTRACT_DIR):
    shutil.rmtree(EXTRACT_DIR)
    print(f"Directory '{EXTRACT_DIR}'deleted")
else:
    print(f"Directory '{EXTRACT_DIR}' does not exist")

Directory '0/0'deleted


# **DATA PARSING**

# Dataframe with all file location

In [7]:
def get_folder_file_dataframe(root_dir):
    folders = []
    for file_name in os.listdir(root_dir):
        full_path = os.path.join(root_dir, file_name)
        if os.path.isdir(full_path):
            folders.append(file_name)

    series_list = []
    for folder in folders:
        folder_path = os.path.join(root_dir, folder)
        files = [
            os.path.join(folder_path, file)
            for file in os.listdir(folder_path)
            if os.path.isfile(os.path.join(folder_path, file)) and not file.startswith('.')
        ]
        s = pd.Series(files, name=folder)
        series_list.append(s)

    df = pd.concat(series_list, axis=1)
    return df

In [8]:
df = get_folder_file_dataframe(leak_directory)
df.head(30)       

Unnamed: 0,md,png,log,txt
0,0/md/dbc9c90e-a3e6-4d71-bb93-5fb8394095ac.md,0/png/64bba692-d430-440c-9f1e-2575f45770af_6.png,0/log/77010155050.log,0/txt/IDNET.txt
1,0/md/28.md,0/png/12756724-394c-4576-b373-7c53f1abbd94_0.png,0/log/77753527617.log,0/txt/IDTV.txt
2,0/md/5.md,0/png/f179eb06-0c53-44df-a13f-570be23355bb_1.png,0/log/tele2-lbs.log,0/txt/beeline-77774042222.txt
3,0/md/38.md,0/png/5a6b122c-39c1-4581-8c1f-2d6f36a9f8a0_24.png,0/log/tele2-cdr.log,0/txt/beeline-77051056626.txt
4,0/md/9d7bc879-3250-4013-ac04-5ff9bd6dff40.md,0/png/5a6b122c-39c1-4581-8c1f-2d6f36a9f8a0_30.png,0/log/tele2-crm.log,0/txt/beeline-crm.txt
5,0/md/18.md,0/png/5a6b122c-39c1-4581-8c1f-2d6f36a9f8a0_18.png,0/log/77783030133.log,0/txt/UBSCRIBER.txt
6,0/md/9fd06037-11f1-4ad5-9a7d-cbfb3fa4193b.md,0/png/0-adaf869e-920a-4a17-91bd-e2ef3125c10e.png,,0/txt/beeline-cdr.txt
7,0/md/3348953d-66e9-4cac-8675-65bb5f2ef929.md,0/png/5387a301-0af8-4e24-a197-20189f87b9ef_8.png,,0/txt/CRM.txt
8,0/md/1.md,0/png/0-32eb7662-f212-4811-a7c1-1cfeb121cd99.png,,0/txt/LAC.txt
9,0/md/19.md,0/png/912204cb-8ab7-48b8-9abf-d803f3804d08_11.png,,0/txt/beeline-lbs.txt


# Use LLM to classify the source files

In [9]:
import os
import concurrent.futures
import pandas as pd
from langchain.llms import Ollama
from langchain.prompts import PromptTemplate
from langchain.chains import LLMChain
from tqdm import tqdm

In [10]:
llm = Ollama(model="llama3.1:8b")

prompt_template = PromptTemplate(
    input_variables=["content"],
    template="""
You are analyzing the content of a file.

File content:
\"\"\"
{content}
\"\"\"

1. Classify the content into one of the following categories ONLY: chats, images, other.
2. State your confidence in the classification as one of: high, medium, or low.
3. I will have to make a csv, please give me a list of headers based on the content. E.g. "[<header_name>, <heaer_name2>, etc.]
Respond in the following format:
Category: <chats|images|other>
Confidence: <high|medium|low>
"""
)

chain = LLMChain(llm=llm, prompt=prompt_template)

# Preprocess the files to the first 20 lines to shorten analysis times
def preprocess_first_20_lines(file_path):
    try:
        with open(file_path, "r", encoding="utf-8") as f:
            lines = [line.strip() for _, line in zip(range(20), f)]
            content = " ".join(lines)
        return file_path, content
    except Exception:
        return file_path, ""

# Use only the first column of the DataFrame
first_column = df.columns[0]
file_paths = df[first_column].dropna().unique().tolist()

# Preprocess the file for faster classification
with concurrent.futures.ThreadPoolExecutor() as executor:
    file_data = list(executor.map(preprocess_first_20_lines, file_paths))

# Classify and collect by category
valid_categories = {"chats", "images", "other"}
categorized_files = {cat: [] for cat in valid_categories}

for file_path, content in tqdm(file_data, desc="Classifying files"):
    if not content:
        continue

    try:
        response = chain.run(content=content).strip().lower()
        lines = response.splitlines()

        category = ""
        for line in lines:
            if line.startswith("category:"):
                category = line.replace("category:", "").strip()
                break
        if category not in valid_categories:
            category = "other"

        categorized_files[category].append(file_path)

    except Exception as e:
        print(f"Error processing {file_path}: {e}")

# Convert to DataFrame (columns = categories)
# Determine the maximum list length among all categories
max_len = 0
for file_list in categorized_files.values():
    if len(file_list) > max_len:
        max_len = len(file_list)

# Pad each list with None to match max length
padded = {}
for category, file_list in categorized_files.items():
    padding_needed = max_len - len(file_list)
    padded[category] = file_list + [None] * padding_needed
result_df = pd.DataFrame(padded)
result_df.to_csv("classified_by_category.csv", index=False)
result_df.head()

  chain = LLMChain(llm=llm, prompt=prompt_template)
  response = chain.run(content=content).strip().lower()
Classifying files: 100%|██████████| 70/70 [03:58<00:00,  3.40s/it] 


Unnamed: 0,other,images,chats
0,0/md/9d7bc879-3250-4013-ac04-5ff9bd6dff40.md,0/md/dbc9c90e-a3e6-4d71-bb93-5fb8394095ac.md,0/md/28.md
1,,0/md/9fd06037-11f1-4ad5-9a7d-cbfb3fa4193b.md,0/md/5.md
2,,0/md/3348953d-66e9-4cac-8675-65bb5f2ef929.md,0/md/38.md
3,,0/md/07f179c5-5705-4dbd-94a7-66eed1e066b0.md,0/md/18.md
4,,0/md/01cdc26f-e773-4ad7-8808-d04abf16aae7.md,0/md/1.md


In [11]:
import os
import pandas as pd
import re
from collections import defaultdict

# Script to check for cross refernced files

In [12]:
import pandas as pd
import os
import re
from collections import defaultdict

In [13]:
# Extract all unique file paths from the DataFrame 
file_paths = df.stack().dropna().unique().tolist()

# Read file content
def read_file(path):
    try:
        with open(path, 'r', encoding='utf-8') as f:
            return f.read()
    except:
        return "Failed to open file"

# Read file contents into a dictionary 
file_contents = {path: read_file(path) for path in file_paths}

# Build a reference map (which files mention which) 
reference_map = defaultdict(list)

for source_path, content in file_contents.items():
    if content is None:
        continue  # skip if content is None

    for target_path in file_paths:
        if target_path == source_path:
            continue  # skip comparing file to itself

        target_filename = os.path.basename(target_path)
        pattern = re.escape(target_filename)

        if re.search(rf'\b{pattern}\b', content):
            reference_map[source_path].append(target_path)

# Convert reference map to a DataFrame
ref_df = pd.DataFrame([
    {"source_file": src, "mentions": tgt}
    for src, tgts in reference_map.items()
    for tgt in tgts
])

# Group mentions into lists per source_file
ref_summary = ref_df.groupby("source_file")["mentions"].apply(list).reset_index()

# Some source_file names are also in mentions, therefore they aren't a source file anymore
source_files = set(ref_summary["source_file"])
mentioned_files = set(file for mention_list in ref_summary["mentions"] for file in mention_list)
common_files = source_files.intersection(mentioned_files)

# Filter out common files from the DataFrame
filtered_ref_summary = ref_summary[~ref_summary["source_file"].isin(common_files)].reset_index(drop=True)

filtered_ref_summary.to_csv("file_reference_map.csv", index=False)
print(filtered_ref_summary.head(10))
print("Unique file paths in original DataFrame:", df.stack().nunique())

                                    source_file  \
0  0/md/01cdc26f-e773-4ad7-8808-d04abf16aae7.md   
1                                    0/md/10.md   
2                                    0/md/13.md   
3                                    0/md/15.md   
4  0/md/178e3898-903d-47cf-bfbe-061e7dc18895.md   
5                                    0/md/19.md   
6                                     0/md/2.md   
7                                    0/md/20.md   
8                                    0/md/21.md   
9                                    0/md/22.md   

                                            mentions  
0  [0/png/01cdc26f-e773-4ad7-8808-d04abf16aae7_1_...  
1  [0/png/0-6bcc0131-e4ad-421e-bb1f-d8ebe5eeec7b....  
2  [0/png/0-adaf869e-920a-4a17-91bd-e2ef3125c10e....  
3  [0/png/0-b8cea3b1-4dde-4438-9b1a-6faf690bbad0....  
4  [0/png/178e3898-903d-47cf-bfbe-061e7dc18895_8....  
5  [0/png/6848748d-2881-4c26-b153-fcd5373d2f1c.pn...  
6  [0/md/07f179c5-5705-4dbd-94a7-66eed1e066b0.md,... 

# Check for more linkages in the files + add the missing source files from the chats

In [14]:
import pandas as pd
import os
import re
from ast import literal_eval
import ast

In [15]:
def is_readable_text_file(path):
    return any(path.endswith(ext) for ext in ['txt', 'md', 'rst', 'tex', 'nfo', 'readme', 'rtf', 'doc', 'docx',
    'cfg', 'conf', 'config', 'ini', 'json', 'yaml', 'yml', 'toml',
    'log', 'lst', 'cnf', 'properties', 'prefs',
    'csv', 'tsv', 'dat', 'db', 'dbf', 'sql', 'xml',
    'ssv', 'psv', 'jsonl', 'parquet', 'orc',
    'html', 'htm', 'xhtml', 'xht', 'css', 'js',
    'jsx', 'ts', 'tsx', 'vue', 'erb', 'ejs', 'jsp',
    'liquid', 'handlebars', 'hbs', 'mustache',
    'py', 'pyw', 'ipynb', 'java', 'c', 'cpp', 'h', 'hpp', 'cs',
    'sh', 'bash', 'zsh', 'ksh', 'bat', 'cmd', 'ps1',
    'r', 'jl', 'pl', 'pm', 'rb', 'go', 'lua', 'php',
    'swift', 'scala', 'dart', 'asm', 'groovy',
    'rmd', 'sage', 'nb',
    'env', 'gradle', 'makefile', 'mak', 'mk',
    'dockerfile', 'gitignore', 'gitattributes', 'gitmodules',
    'cmake', 'make', 'ninja', 'build',
    'manifest', 'manifest.json', 'vtt', 'srt', 'resx', 'strings',
    'lang', 'po', 'mo', 'pot', 'msg', 'textbundle',
    'rego', 'tf', 'tfvars', 'cue', 'bzl', 'bazel', 'nix', 'dhall',
    'adoc', 'asciidoc', 'creole', 'mediawiki', 'wiki', 'org',
    'eml', 'msg', 'mbox', 'mail', 'ics', 'vcf'])

mentions2_list = []

# Iterate over each row of the summary
for _, row in filtered_ref_summary.iterrows():
    mention_dict = {}

    # For each mentioned file read file contents and create a dictionary key: location - values: file contents
    for mentioned_file in row["mentions"]:
        if not is_readable_text_file(mentioned_file):
            continue  # Skip unreadable formats

        # Read file content
        content = read_file(mentioned_file)
        if content in [None, "Failed to open file"]:
            continue

        # Search for any file-type references using regex
        # Match anything with a name and known file extension
        found_files = re.findall(r'[\w\-/]*\.\w+', content)

        # Filter duplicates and add to the mention_dict
        if found_files:
            mention_dict[mentioned_file] = list(set(found_files))

    mentions2_list.append(mention_dict)

# Add this as a new column
filtered_ref_summary["mentions2"] = mentions2_list

# Get the list of chat files from result_df - LLM clasification
chat_files = result_df['chats'].dropna().unique()

# Get the list of source files already in filtered_ref_summary
source_files = filtered_ref_summary['source_file'].dropna().unique()

# Find missing chat files and collect chat files that are not found in source files
existing_source_files = set(source_files)
missing_chat_files = []
for chat_file in chat_files:
    if chat_file not in existing_source_files:
        missing_chat_files.append(chat_file)

# Create a new DataFrame with empty mentions and linkage columns
new_rows = pd.DataFrame({
    'source_file': missing_chat_files,
})

# Append the new rows to ref_summary
filtered_ref_summary = pd.concat([filtered_ref_summary, new_rows], ignore_index=True)
        
# Save the updated DataFrame to CSV
filtered_ref_summary.to_csv("file_reference_map_extended.csv", index=False)
print(filtered_ref_summary.columns)

Index(['source_file', 'mentions', 'mentions2'], dtype='object')


# Structuring the Data into CSV - Step 1 all MD files

In [16]:
import os
import pandas as pd
from pathlib import Path
from bs4 import BeautifulSoup

In [17]:
# Create a folder and dumb all csvs
output_dir = "csvs"
os.makedirs(output_dir, exist_ok=True)

# Get all MD files from the DataFrame
all_file_paths = pd.unique(result_df.values.ravel('K'))
md_files = []
for file_path in all_file_paths:
    if isinstance(file_path, str) and file_path.endswith(".md") and os.path.exists(file_path):
        md_files.append(file_path)
        
# Use the LLM's clasification of MD files
chat_files = set(result_df['chats'].dropna().astype(str))

# Extract visible text + ANY file reference 
def extract_text_and_files(td):
    text = td.get_text(strip=True)
    links = []
    for tag in td.find_all(['a', 'img']):
        link = tag.get('href') or tag.get('src')
        if link:
            fname = os.path.basename(link.strip("'\""))
            links.append(fname)
    return text + (" " + " ".join(links) if links else "")

# This method extracts chat table from HTML
def process_chat_md(file_path):
    try:
        with open(file_path, "r", encoding="utf-8") as f:
            content = f.read()
        soup = BeautifulSoup(content, "lxml")
        rows = soup.find_all("tr")[1:]
        data = []
        for row in rows:
            cols = row.find_all("td")
            if len(cols) == 4:
                data.append({
                    "Time": cols[0].get_text(strip=True),
                    "From": cols[1].get_text(strip=True),
                    "To": cols[2].get_text(strip=True),
                    "Message": extract_text_and_files(cols[3])
                })
        return pd.DataFrame(data) if data else None
    except Exception as e:
        print(f"Error processing chat file {file_path}: {e}")
        return None

# Extract the contents of the other file types that the LLM classified
def process_reference_md(file_path):
    try:
        with open(file_path, "r", encoding="utf-8") as f:
            content = f.read()
        soup = BeautifulSoup(content, "lxml")
        matches = []
        for tag in soup.find_all(['a', 'img']):
            link = tag.get('href') or tag.get('src')
            if link:
                fname = os.path.basename(link.strip("'\""))
                if not fname.startswith("0-"):
                    matches.append(fname)
        matches = list(set(matches))
        return pd.DataFrame([{"File_Name": f} for f in matches]) if matches else None
    except Exception as e:
        print(f"Error processing reference file {file_path}: {e}")
        return None

# Loop through all MD filesand call the above methods for the afferent file type
for file_path in md_files:
    csv_name = os.path.basename(file_path).replace(".md", ".csv")
    csv_path = os.path.join(output_dir, csv_name)

    if not os.path.exists(csv_path):
        if file_path in chat_files:
            df = process_chat_md(file_path)
        else:
            df = process_reference_md(file_path)

        if df is not None:
            df.to_csv(csv_path, index=False)
        else:
            print(f"Couldn't save to CSV: {file_path}")

In [18]:
import os
import ast
from pathlib import Path

In [19]:
csv_dir = "csvs"

# Replace MD with CSV if the corresponding file exists
def replace_md_with_csv(item):
    if isinstance(item, str) and item.endswith(".md"):
        base_name = Path(item).stem  # .stem extracts the filename with no extension
        # CSV search
        csv_path = os.path.join(csv_dir, f"{base_name}.csv")
        if os.path.exists(csv_path):
            return csv_path
        else:
            print(f"CSV {item} not found")
    return item

# Recursively handle strings, lists, and dictionaries
def process_column_cell(cell):
    if isinstance(cell, str):
        return replace_md_with_csv(cell)
    
    elif isinstance(cell, list):
        new_list = []
        for item in cell:
            new_item = process_column_cell(item)
            new_list.append(new_item)
        return new_list

    elif isinstance(cell, dict):
        new_dict = {}
        for key, value in cell.items():
            new_key = replace_md_with_csv(key)
            new_value = process_column_cell(value)
            new_dict[new_key] = new_value
        return new_dict

    else:
        return cell
    
for col in filtered_ref_summary.columns:
    filtered_ref_summary[col] = filtered_ref_summary[col].apply(process_column_cell)

filtered_ref_summary.to_csv("filtered_ref_summary_csv_replaced.csv", index=False)
filtered_ref_summary.head()        

Unnamed: 0,source_file,mentions,mentions2
0,csvs/01cdc26f-e773-4ad7-8808-d04abf16aae7.csv,[0/png/01cdc26f-e773-4ad7-8808-d04abf16aae7_1_...,{}
1,csvs/10.csv,[0/png/0-6bcc0131-e4ad-421e-bb1f-d8ebe5eeec7b....,{'csvs/12756724-394c-4576-b373-7c53f1abbd94.cs...
2,csvs/13.csv,[0/png/0-adaf869e-920a-4a17-91bd-e2ef3125c10e....,{'csvs/585875ff-f8c5-4a02-acd7-fef37dc9ff11.cs...
3,csvs/15.csv,[0/png/0-b8cea3b1-4dde-4438-9b1a-6faf690bbad0....,{}
4,csvs/178e3898-903d-47cf-bfbe-061e7dc18895.csv,[0/png/178e3898-903d-47cf-bfbe-061e7dc18895_8....,{}


# Structuring the Data into CSV - Step 2 OCR on image files

In [20]:
import os

In [20]:
png_paths = []


# Gather every png path from the df
def gather_pngs(dataframe_name):
    for column in dataframe_name.columns:

        # Loop through each cell in that column
        for cell in dataframe_name[column]:

            # Case 1: The cell is a simple string
            if isinstance(cell, str):
                if cell.endswith(".png"):
                    png_paths.append(cell)

            # List
            elif isinstance(cell, list):
                for item in cell:
                    if isinstance(item, str) and item.endswith(".png"):
                        png_paths.append(item)

            # Dictionary
            elif isinstance(cell, dict):
                for key, value in cell.items():
                    # Check key
                    if isinstance(key, str) and key.endswith(".png"):
                        png_paths.append(key)

                    # Check value
                    if isinstance(value, str) and value.endswith(".png"):
                        png_paths.append(value)

                    # If the value is a list of paths
                    elif isinstance(value, list):
                        for sub_item in value:
                            if isinstance(sub_item, str) and sub_item.endswith(".png"):
                                png_paths.append(sub_item)
                                
gather_pngs(filtered_ref_summary)
print(len(png_paths))

488


# **Extraction with LLAVA**

In [46]:
import base64
import requests

# Load and base64-encode PNG image
image_path = "0/png/300450bf-221e-4eeb-bdda-dc1115c947ea.png"
with open(image_path, "rb") as f:
    image_b64 = base64.b64encode(f.read()).decode("utf-8")

prompt = "EXTRACT AND ONLY GIVE ME THE Chinese text in the given image."
response = requests.post(
    "http://localhost:11434/api/generate",
    json={
        "model": "llava:13b",
        "prompt": prompt,
        "images": [image_b64],
        "stream": False
    },
    timeout=60
)


if response.ok:
    print("LLaVA Output:\n", response.json()["response"])
else:
    print("Error:", response.text)

🔍 LLaVA Output:
  The image contains several lines of text, which are written in Simplified Chinese characters. Here's the transcription of the visible text:

韶华，我想跟你说些什么。其实是这样的：我们在一个困难的时代，需要不断地调整自己的思维方式和态度。只有我们通过不断的学习、探索和实践，才能真正获得人生中所需的技能和经验，并在面对困难时保持乐观和积极的态度。

Translation:

Xu Hong, I want to tell you something. Actually it's like this: we are in a difficult time when we need to constantly adjust our thinking and attitude. Only through continuous learning, exploration, and practice can we truly acquire the skills and experience needed for life and maintain an optimistic and positive attitude when facing difficulties.


# PaddleOCR

In [27]:
from paddleocr import PaddleOCR
import os

ocr_model = PaddleOCR(lang='ch')

def paddle_ocr(image_path):
    if not os.path.exists(image_path):
        print(f"File not found - {image_path}")
        return ""

    result = ocr_model.ocr(image_path)

    if isinstance(result, list) and isinstance(result[0], dict) and 'rec_texts' in result[0]:
        return "\n".join(result[0]['rec_texts'])

    extracted_text = []
    for line in result[0]:
        text = line[1][0]  # text, confidence
        extracted_text.append(text)

    return "\n".join(extracted_text)

[32mCreating model: ('PP-LCNet_x1_0_doc_ori', None)[0m
[32mUsing official model (PP-LCNet_x1_0_doc_ori), the model files will be automatically downloaded and saved in /home/jovyan/.paddlex/official_models.[0m
E0526 11:49:37.156906  2204 analysis_config.cc:169] Please use PaddlePaddle with GPU version.
[32mCreating model: ('UVDoc', None)[0m
[32mUsing official model (UVDoc), the model files will be automatically downloaded and saved in /home/jovyan/.paddlex/official_models.[0m
E0526 11:49:37.669418  2204 analysis_config.cc:169] Please use PaddlePaddle with GPU version.
[32mCreating model: ('PP-LCNet_x0_25_textline_ori', None)[0m
[32mUsing official model (PP-LCNet_x0_25_textline_ori), the model files will be automatically downloaded and saved in /home/jovyan/.paddlex/official_models.[0m
E0526 11:49:40.892796  2204 analysis_config.cc:169] Please use PaddlePaddle with GPU version.
[32mCreating model: ('PP-OCRv5_mobile_det', None)[0m
[32mUsing official model (PP-OCRv5_mobile_d

# EasyOCR

In [21]:
import easyocr
import os

In [22]:
# Use the Chinese and English model
ocr_model = easyocr.Reader(['ch_sim'], gpu = True)  # Load once

def easy_ocr(image_path):
    if not os.path.exists(image_path):
        print(f"File not found - {image_path}")
        return ""

    results = ocr_model.readtext(image_path, detail=0)  # Only return text, not boxes/confidences

    return "\n".join(results)

In [23]:
import shutil
import os

# Directory to delete
EXTRACT_DIR = 'ocr'

# Check if the directory exists and delete it
if os.path.isdir(EXTRACT_DIR):
    shutil.rmtree(EXTRACT_DIR)
    print(f"Directory '{EXTRACT_DIR}' has been deleted.")
else:
    print(f"Directory '{EXTRACT_DIR}' does not exist.")

Directory 'ocr' does not exist.


In [24]:
import os
import csv
from tqdm import tqdm
from concurrent.futures import ThreadPoolExecutor, as_completed

In [None]:
# Ensure output directory exists
output_dir = 'ocr'
os.makedirs(output_dir, exist_ok=True)

MAX_WORKERS = 2

def process_image(image_path):
    try:
        base_name = os.path.splitext(os.path.basename(image_path))[0]
        output_csv_path = os.path.join(output_dir, f"{base_name}.csv")
        if os.path.exists(output_csv_path):
            return (image_path, "Skipped (already exists)")

        ocr_result = easy_ocr(image_path)
        combined_text = " ".join(ocr_result.splitlines())

        with open(output_csv_path, mode='w', newline='', encoding='utf-8') as f:
            writer = csv.writer(f)
            writer.writerow(['ocr_transf'])
            writer.writerow([combined_text])

        return (image_path, "Success")
    except Exception as e:
        return (image_path, f"Error: {e}")

with ThreadPoolExecutor(max_workers=MAX_WORKERS) as executor:
    futures = [executor.submit(process_image, path) for path in png_paths]

    for future in tqdm(as_completed(futures), total=len(futures), desc="Parallel OCR with EasyOCR"):
        image_path, status = future.result()
        if "Error" in status:
            print(f"[!] Failed: {image_path} -> {status}")

# **DATA TRANSLATION**

In [21]:
import os
import pandas as pd

In [22]:
# Use the csvs folder and the LLM classification of MD files to create a new df that stores the csvs into categories.

csv_folder = "csvs"

csv_mapping = {}
# Loop through each file in the CSV folder
for filename in os.listdir(csv_folder):
    # Check for csv
    if filename.endswith('.csv'):
        # Replace the ".csv" extension with ".md" to create the key
        md_filename = filename.replace('.csv', '.md')
        
        # Set the value to the full path to the CSV file 
        csv_full_path = os.path.join(csv_folder, filename)
        
        # Add the key-value pair to the mapping
        csv_mapping[md_filename] = csv_full_path

# Step 2: Define function to replace .md path with .csv path
def replace_md_with_csv(val):
    if isinstance(val, str):
        base = os.path.basename(val)
        return csv_mapping.get(base, val)
    return val

df_csvs_llm = result_df.applymap(replace_md_with_csv)
df_csvs_llm.to_csv("updated_with_csv_paths.csv", index=False)
print(df_csvs_llm.head())

                                           other  \
0  csvs/9d7bc879-3250-4013-ac04-5ff9bd6dff40.csv   
1                                           None   
2                                           None   
3                                           None   
4                                           None   

                                          images        chats  
0  csvs/dbc9c90e-a3e6-4d71-bb93-5fb8394095ac.csv  csvs/28.csv  
1  csvs/9fd06037-11f1-4ad5-9a7d-cbfb3fa4193b.csv   csvs/5.csv  
2  csvs/3348953d-66e9-4cac-8675-65bb5f2ef929.csv  csvs/38.csv  
3  csvs/07f179c5-5705-4dbd-94a7-66eed1e066b0.csv  csvs/18.csv  
4  csvs/01cdc26f-e773-4ad7-8808-d04abf16aae7.csv   csvs/1.csv  


# **Larger Model for Translation - Test**

In [8]:
import pandas as pd
import requests
from tqdm import tqdm
from concurrent.futures import ThreadPoolExecutor, as_completed

csv_path = 'csvs/10.csv'
df = pd.read_csv(csv_path)

# Create translation column in the df
df['message_translation'] = ""

# Make a function to ffed context to the LLM for a better translation, takes 5 messages up and down
def get_context(df, index, window=5):
    start = max(0, index - window)
    end = min(len(df), index + window + 1)
    return "\n".join(df['Message'].iloc[start:end].dropna())

def query_ollama(prompt, model="gemma3:27b"):
    url = "http://localhost:11434/api/generate"
    payload = {
        "model": model,
        "prompt": prompt,
        "stream": False
    }
    try:
        response = requests.post(url, json=payload, timeout=90)
        response.raise_for_status()
        return response.json()["response"].strip()
    except Exception as e:
        print(f"Ollama error: {e}")
        return "[Translation Error]"

# Method to process one row 
def translate_row(index):
    target = df.at[index, 'Message']
    if pd.isna(target):
        return index, ""
    context = get_context(df, index)
    prompt = (
        "You are translating Chinese messages to English. Below is a series of related messages. "
        "Use the full context to understand the meaning, but only translate the specific message provided.\n\n"
        f"Context:\n{context}\n\n"
        f"Message to translate:\n{target}\n\n"
        "ONLY RETURN the English translation of the message, ANYTHING ELSE IS FORBIDDEN! "
        "If you encounter a filename or file reference, preserve it exactly as it appears, DON'T add anything!"
    )
    translation = query_ollama(prompt)
    return index, translation

# Run translations in parallel
futures = []
with ThreadPoolExecutor(max_workers=8) as executor:
    for index in df.index:
        futures.append(executor.submit(translate_row, index))

    for future in tqdm(as_completed(futures), total=len(futures), desc="Translating with Ollama"):
        idx, result = future.result()
        df.at[idx, 'message_translation'] = result

df.to_csv(csv_path, index=False)

Translating with Ollama: 100%|██████████| 149/149 [07:10<00:00,  2.89s/it]


In [5]:
import pandas as pd

# Load the original CSV
df = pd.read_csv("csvs/10.csv")

# Print all column names to verify exact labels
print("CSV Columns:")
print(df.columns.tolist())

# Drop the specified columns (only if they exist)
columns_to_drop = ["message_translation", "financial_detection"]
df_cleaned = df.drop(columns=[col for col in columns_to_drop if col in df.columns])

# Overwrite the original file
df_cleaned.to_csv("csvs/10.csv", index=False)  # Overwriting the same file

CSV Columns:
['Time', 'From', 'To', 'Message']


In [23]:
import pandas as pd
import requests
from tqdm import tqdm
from concurrent.futures import ThreadPoolExecutor, as_completed

# Chats - CSV loop
for csv_path in df_csvs_llm['chats']:
    print(f"Processing: {csv_path}")
    
    # Load the individual CSV file
    df = pd.read_csv(csv_path)
    df['message_translation'] = ""

    # Function to get context around the target message
    def get_context(df, index, window=5):
        start = max(0, index - window)
        end = min(len(df), index + window + 1)
        return "\n".join(df['Message'].iloc[start:end].dropna())

    def query_ollama(prompt, model="gemma3:27b"):
        url = "http://localhost:11434/api/generate"
        payload = {
            "model": model,
            "prompt": prompt,
            "stream": False
        }
        try:
            response = requests.post(url, json=payload, timeout=90)
            response.raise_for_status()
            return response.json()["response"].strip()
        except Exception as e:
            print(f"Ollama error: {e}")
            return "[Translation Error]"

    # Function to process one row
    def translate_row(index):
        target = df.at[index, 'Message']
        if pd.isna(target):
            return index, ""
        context = get_context(df, index)
        prompt = (
            "You are translating Chinese messages to English. Below is a series of related messages. "
            "Use the full context to understand the meaning, but only translate the specific message provided.\n\n"
            f"Context:\n{context}\n\n"
            f"Message to translate:\n{target}\n\n"
            "ONLY RETURN the English translation of the message, ANYTHING ELSE IS FORBIDDEN! "
            "If you encounter a filename or file reference, preserve it exactly as it appears, DON'T add anything!"
        )
        translation = query_ollama(prompt)
        return index, translation

    # Run translations in parallel
    futures = []
    with ThreadPoolExecutor(max_workers=8) as executor:
        for index in df.index:
            futures.append(executor.submit(translate_row, index))

        for future in tqdm(as_completed(futures), total=len(futures), desc=f"Translating: {csv_path}"):
            idx, result = future.result()
            df.at[idx, 'message_translation'] = result

    # Save updated DataFrame back to the original file
    df.to_csv(csv_path, index=False)
    print(f"Finished and saved: {csv_path}\n")

Processing: csvs/28.csv


Translating: csvs/28.csv: 100%|██████████| 46/46 [02:55<00:00,  3.81s/it]


Finished and saved: csvs/28.csv

Processing: csvs/5.csv


Translating: csvs/5.csv: 100%|██████████| 17/17 [00:24<00:00,  1.46s/it]


Finished and saved: csvs/5.csv

Processing: csvs/38.csv


Translating: csvs/38.csv: 100%|██████████| 21/21 [01:18<00:00,  3.75s/it]


Finished and saved: csvs/38.csv

Processing: csvs/18.csv


Translating: csvs/18.csv: 100%|██████████| 84/84 [02:10<00:00,  1.55s/it]


Finished and saved: csvs/18.csv

Processing: csvs/1.csv


Translating: csvs/1.csv:   7%|▋         | 550/8290 [20:25<13:53:57,  6.46s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/1.csv:  68%|██████▊   | 5642/8290 [3:25:59<6:53:56,  9.38s/it] 

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/1.csv:  69%|██████▉   | 5711/8290 [3:30:46<5:57:09,  8.31s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/1.csv:  77%|███████▋  | 6419/8290 [4:01:12<50:27,  1.62s/it]  

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/1.csv:  87%|████████▋ | 7230/8290 [4:35:32<2:34:48,  8.76s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/1.csv:  88%|████████▊ | 7268/8290 [4:37:49<2:13:42,  7.85s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/1.csv: 100%|██████████| 8290/8290 [5:20:43<00:00,  2.32s/it]  


Finished and saved: csvs/1.csv

Processing: csvs/19.csv


Translating: csvs/19.csv: 100%|██████████| 21/21 [01:04<00:00,  3.06s/it]


Finished and saved: csvs/19.csv

Processing: csvs/29.csv


Translating: csvs/29.csv: 100%|██████████| 80/80 [03:05<00:00,  2.31s/it]


Finished and saved: csvs/29.csv

Processing: csvs/4.csv


Translating: csvs/4.csv: 100%|██████████| 513/513 [17:16<00:00,  2.02s/it]


Finished and saved: csvs/4.csv

Processing: csvs/39.csv


Translating: csvs/39.csv: 100%|██████████| 821/821 [27:27<00:00,  2.01s/it]


Finished and saved: csvs/39.csv

Processing: csvs/16.csv


Translating: csvs/16.csv: 100%|██████████| 149/149 [04:35<00:00,  1.85s/it]


Finished and saved: csvs/16.csv

Processing: csvs/22.csv


Translating: csvs/22.csv: 100%|██████████| 91/91 [03:16<00:00,  2.16s/it]


Finished and saved: csvs/22.csv

Processing: csvs/32.csv


Translating: csvs/32.csv: 100%|██████████| 86/86 [02:35<00:00,  1.81s/it]


Finished and saved: csvs/32.csv

Processing: csvs/26.csv


Translating: csvs/26.csv: 100%|██████████| 6/6 [00:17<00:00,  2.85s/it]


Finished and saved: csvs/26.csv

Processing: csvs/12.csv


Translating: csvs/12.csv: 100%|██████████| 392/392 [13:52<00:00,  2.12s/it]


Finished and saved: csvs/12.csv

Processing: csvs/36.csv


Translating: csvs/36.csv: 100%|██████████| 199/199 [05:28<00:00,  1.65s/it]


Finished and saved: csvs/36.csv

Processing: csvs/27.csv


Translating: csvs/27.csv: 100%|██████████| 29/29 [02:44<00:00,  5.67s/it]


Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)
Finished and saved: csvs/27.csv

Processing: csvs/13.csv


Translating: csvs/13.csv: 100%|██████████| 244/244 [08:18<00:00,  2.04s/it]


Finished and saved: csvs/13.csv

Processing: csvs/37.csv


Translating: csvs/37.csv:  10%|▉         | 32/329 [02:47<52:10, 10.54s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/37.csv:  16%|█▋        | 54/329 [04:46<21:03,  4.59s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/37.csv:  27%|██▋       | 90/329 [07:55<16:51,  4.23s/it]

Ollama error: HTTPConnectionPool(host='localhost', port=11434): Read timed out. (read timeout=90)


Translating: csvs/37.csv: 100%|██████████| 329/329 [16:39<00:00,  3.04s/it]


Finished and saved: csvs/37.csv

Processing: csvs/17.csv


Translating: csvs/17.csv: 100%|██████████| 55/55 [01:42<00:00,  1.86s/it]


Finished and saved: csvs/17.csv

Processing: csvs/23.csv


Translating: csvs/23.csv: 100%|██████████| 24/24 [00:45<00:00,  1.90s/it]


Finished and saved: csvs/23.csv

Processing: csvs/33.csv


Translating: csvs/33.csv: 100%|██████████| 31/31 [00:52<00:00,  1.70s/it]


Finished and saved: csvs/33.csv

Processing: csvs/24.csv


Translating: csvs/24.csv: 100%|██████████| 55/55 [01:57<00:00,  2.13s/it]


Finished and saved: csvs/24.csv

Processing: csvs/41.csv


Translating: csvs/41.csv: 100%|██████████| 322/322 [10:44<00:00,  2.00s/it]


Finished and saved: csvs/41.csv

Processing: csvs/10.csv


Translating: csvs/10.csv: 100%|██████████| 149/149 [06:13<00:00,  2.51s/it]


Finished and saved: csvs/10.csv

Processing: csvs/9.csv


Translating: csvs/9.csv: 100%|██████████| 235/235 [08:11<00:00,  2.09s/it]


Finished and saved: csvs/9.csv

Processing: csvs/34.csv


Translating: csvs/34.csv: 100%|██████████| 426/426 [13:25<00:00,  1.89s/it]


Finished and saved: csvs/34.csv

Processing: csvs/14.csv


Translating: csvs/14.csv: 100%|██████████| 44/44 [01:18<00:00,  1.78s/it]


Finished and saved: csvs/14.csv

Processing: csvs/20.csv


Translating: csvs/20.csv: 100%|██████████| 68/68 [02:06<00:00,  1.86s/it]


Finished and saved: csvs/20.csv

Processing: csvs/30.csv


Translating: csvs/30.csv: 100%|██████████| 322/322 [08:36<00:00,  1.61s/it]


Finished and saved: csvs/30.csv

Processing: csvs/15.csv


Translating: csvs/15.csv: 100%|██████████| 199/199 [06:06<00:00,  1.84s/it]


Finished and saved: csvs/15.csv

Processing: csvs/21.csv


Translating: csvs/21.csv: 100%|██████████| 1046/1046 [24:47<00:00,  1.42s/it]


Finished and saved: csvs/21.csv

Processing: csvs/31.csv


Translating: csvs/31.csv: 100%|██████████| 44/44 [01:06<00:00,  1.51s/it]


Finished and saved: csvs/31.csv

Processing: csvs/40.csv


Translating: csvs/40.csv: 100%|██████████| 129/129 [04:50<00:00,  2.25s/it]


Finished and saved: csvs/40.csv

Processing: csvs/11.csv


Translating: csvs/11.csv: 100%|██████████| 125/125 [04:12<00:00,  2.02s/it]


Finished and saved: csvs/11.csv

Processing: csvs/35.csv


Translating: csvs/35.csv: 100%|██████████| 196/196 [06:40<00:00,  2.04s/it]


Finished and saved: csvs/35.csv

Processing: csvs/3.csv


Translating: csvs/3.csv: 100%|██████████| 23/23 [00:37<00:00,  1.63s/it]


Finished and saved: csvs/3.csv

Processing: csvs/7.csv


Translating: csvs/7.csv: 100%|██████████| 196/196 [05:34<00:00,  1.71s/it]


Finished and saved: csvs/7.csv

Processing: csvs/6.csv


Translating: csvs/6.csv: 100%|██████████| 136/136 [03:08<00:00,  1.38s/it]


Finished and saved: csvs/6.csv

Processing: csvs/2.csv


Translating: csvs/2.csv: 100%|██████████| 500/500 [16:03<00:00,  1.93s/it]

Finished and saved: csvs/2.csv






# **USER ANALYSIS**

In [24]:
def extract_unique_users_from_csv(csv_path):
    try:
        df = pd.read_csv(csv_path)
    except Exception as e:
        print(f"Error reading {csv_path}: {e}")
        return set()

    # Try to find user-related columns
    user_columns = [col for col in df.columns if col.lower() in ['from', 'to', 'sender', 'receiver', 'user']]
    
    if not user_columns:
        user_columns = df.select_dtypes(include=['object']).columns.tolist()

    # Flatten and clean user list
    users = pd.unique(df[user_columns].values.ravel())
    return {str(u).strip() for u in users if pd.notna(u) and str(u).strip() != ''}

In [25]:
all_users = set()

# Loop through each file path in 'chats' column
for csv_path in df_csvs_llm['chats'].dropna().unique():
    if isinstance(csv_path, str) and csv_path.endswith('.csv') and os.path.exists(csv_path):
        users = extract_unique_users_from_csv(csv_path)
        all_users.update(users)

unique_users_from_chats = sorted(all_users)
print("Unique users found in chat logs:")
for user in unique_users_from_chats:
    print("-", user)

Unique users found in chat logs:
- 25713010771@chatroom
- SWEET5683yao
- Shutd0wn
- adpw90
- dujijiyiqxx
- gzp1991101
- hack05112
- ibabaimama
- just910420
- ken73224
- lengmo
- nullroot
- qq78263462
- snipersk
- tianyi-0608
- wangchao953541
- wei592628
- wxid_12n748um1thl21
- wxid_5390224027312
- wxid_70w3p1jin84k22
- wxid_7p054rmzkhqf21
- wxid_blw54o1q0q5w22
- wxid_c9yv0nsla3yn22
- wxid_hlmnhsq64tt722
- wxid_icges6alg8cl21
- wxid_jcnxegjccqi441
- wxid_kbys0kvzj4ta12
- wxid_mgh25nentc4u22
- wxid_nv9bv435fz3722
- wxid_q7vkst94g5u011
- wxid_soekgggwnfgm21
- wxid_wh6x59w70y3r22
- wxid_xusilpfkh31g21
- wxid_zb45i0rc71yk21
- wxid_zbytkn4qjl3r22
- yanzi542766277
- zhangxiaoyan0422


# **Financial Infrastructures Analysis**

In [None]:
from langchain_ollama.llms import OllamaLLM
from langchain_ollama import OllamaEmbeddings
from langchain.vectorstores import Chroma
from langchain_core.prompts import ChatPromptTemplate
from langchain_core.documents import Document
import pandas as pd
import os

In [10]:
# Test for 1 csv
df = pd.read_csv("csvs/10.csv")

# Initialize the embedding model
embeddings = OllamaEmbeddings(model="mxbai-embed-large")

# Setup vector DB path
db_location = "./chroma_financial_chat_db"
add_documents = not os.path.exists(db_location)

# Only add documents if the database doesn't already exist
if add_documents:
    documents = []
    ids = []
    for i, row in df.iterrows():
        document = Document(
            page_content=row["message_translation"],
            metadata={
                "sender": row["From"],                 
                "receiver": row["To"],
                "timestamp": row["Time"] 
            },
            id=str(i)
        )
        documents.append(document)
        ids.append(str(i))

# Create or load the Chroma vector store
vector_store = Chroma(
    collection_name="financial_chats",
    persist_directory=db_location,
    embedding_function=embeddings
)

if add_documents:
    vector_store.add_documents(documents=documents, ids=ids)

# Setup retriever for use in RAG
retriever = vector_store.as_retriever(search_kwargs={"k": 15})

  vector_store = Chroma(


In [11]:
model = OllamaLLM(model="gemma3:27b") 

template = """
You are a cybersecurity analyst reviewing translated chat messages for financial intelligence.

Your task is to extract ONLY the messages that contain **financially relevant information**, such as:

- Payments or money transfers
- Amounts, currencies, or sums of money
- Payment methods (cash, crypto, bank, wallets)
- Account numbers, codes, or financial identifiers
- Mentions of financial roles (payer, payee, client, broker)
- References to suspicious or recurring financial activity

From the messages below:
{chats}

Return ONLY the messages that meet any of the criteria above.

For each relevant message, output:
- The **timestamp** (if provided in the metadata or inferred)
- The **translated content** of the message

Do not summarize. Do not explain. Do not include non-financial content.  
**DO NOT create or infer messages. Use only the exact text from the messages provided. If no messages match, return nothing.**

Output format:
[Time] Message
"""

prompt = ChatPromptTemplate.from_template(template)
chain = prompt | model

In [12]:
question = "Extract only the chat messages that refer to money, payments, currencies, accounts, financial identifiers, or finanacial discussions"

# Retrieve relevant chats
retrieved_docs = retriever.invoke(question)

# Combine into one context string
chat_texts = "\n\n".join([doc.page_content for doc in retrieved_docs])

# Run through the LLM
response = chain.invoke({"chats": chat_texts})

# Output the result
print(response)

Account TGtadie, phone: 18510867099, name: Wang Ning

