diff --git a/1.1xx.png b/1.1xx.png new file mode 100644 index 0000000..507787d Binary files /dev/null and b/1.1xx.png differ diff --git a/README.md b/README.md index 1d89ba8..fa5771a 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,8 @@ Investigation Analysis 1. Understand the Environment Used Statistics → Conversations → Endpoints to map all active hosts and identify the top talkers in the capture before applying any filters. +![Statistics](image/https://github.com/AKINOLASELIM/Network-Traffic-Analysis-NetSupport-Manager-RAT-Detection/blob/image/statistics.png?raw=true) + 2. Confirm the C2 Communication ip.addr == 45.131.214.85 All traffic to the known C2 IP was exclusively between 45.131.214[.]85 and internal host 10.2.28.88 — confirming a single compromised machine. diff --git a/hostname.png b/hostname.png new file mode 100644 index 0000000..6ca0fb2 Binary files /dev/null and b/hostname.png differ diff --git a/https404.png b/https404.png new file mode 100644 index 0000000..266efa5 Binary files /dev/null and b/https404.png differ diff --git a/kerberos-name-of-the-victim.png b/kerberos-name-of-the-victim.png new file mode 100644 index 0000000..bed4f9d Binary files /dev/null and b/kerberos-name-of-the-victim.png differ diff --git a/mac address.png b/mac address.png new file mode 100644 index 0000000..9c1e50e Binary files /dev/null and b/mac address.png differ diff --git a/netsupportermanager.png b/netsupportermanager.png new file mode 100644 index 0000000..1232bc6 Binary files /dev/null and b/netsupportermanager.png differ diff --git a/osintonnetworkmanager.png b/osintonnetworkmanager.png new file mode 100644 index 0000000..70a8515 Binary files /dev/null and b/osintonnetworkmanager.png differ diff --git a/post-beaconing.png b/post-beaconing.png new file mode 100644 index 0000000..6ce6276 Binary files /dev/null and b/post-beaconing.png differ 
diff --git a/statistics.png b/statistics.png new file mode 100644 index 0000000..9d28023 Binary files /dev/null and b/statistics.png differ diff --git a/virus totalonip.png b/virus totalonip.png new file mode 100644 index 0000000..b3741f5 Binary files /dev/null and b/virus totalonip.png differ
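Review bot: In the README.md hunk, the target of the added `![Statistics](...)` link begins with `image/` followed directly by an absolute `https://github.com/...` URL, so Markdown renderers will treat the whole string as a relative path and the screenshot will not display. Drop the `image/` prefix, or, since this same commit adds `statistics.png` at the repository root, link it relatively as `![Statistics](statistics.png)`. The URL also resolves against a ref named `image` (`blob/image/statistics.png`), while this diff only shows the file being added at the root of the branch being committed to; confirm the file actually exists at the location the link names.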
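Review bot: Of the ten PNG files added in this commit, only `statistics.png` is referenced by the README change shown; the other nine (for example `hostname.png`, `https404.png`, `post-beaconing.png`) are committed with no visible link to them. Either add the matching image links under the investigation steps they illustrate or hold them back until the README text that uses them is ready. Two of the names, `mac address.png` and `virus totalonip.png`, contain spaces, which have to be written as `%20` in Markdown links; renaming them with hyphens, as `kerberos-name-of-the-victim.png` and `post-beaconing.png` already do, avoids broken links later.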