This article introduces Swarmer, a tool designed for stealthy modification of the Windows Registry without triggering endpoint detection systems. It leverages legacy Windows features, specifically mandatory user profiles and the Offline Registry API, to achieve persistence without typical detection methods. The authors share insights from its operational use in engagements over the past year.