How can attackers combine the utility manager backdoor with tscon to bypass the Windows login screen?

By modifying the registry for `utilman.exe` (Image File Execution Options), an attacker can replace it with `cmd.exe`. Clicking the Ease of Access icon at the login screen then spawns a command prompt with System privileges. From there, they can run `tscon` to switch to any existing user session without authentication. This backdoor technique is a powerful way to bypass the login screen entirely.