In the windows 9x days, software had direct access to hardware without needing any permission.
They could get very creative about where the trial end date could be hidden. They could write it to random blocks of the fat32 partition marked as "free". They could even find unallocated blocks outside of the partition table and write it there.
Or you could write it to the contents of a file without going though the regular file APIs, so it's modification date wouldn't change.
As long as just one copy of the trial end date stays intact, it can simply take the latest one.
I had a case of a program that had to run with admin rights, it was storing the info in some of the first sectors of the HD (yes it's possible without direct hardware access, you "just" need admin rights). Of course it corrupted my GRUB... they didn't think that there might be useful data between the MBR and the first partition. This happened around 2010, so no need to go back to Windows 9x to find very weird stuff ;)
They could get very creative about where the trial end date could be hidden. They could write it to random blocks of the fat32 partition marked as "free". They could even find unallocated blocks outside of the partition table and write it there.
Or you could write it to the contents of a file without going though the regular file APIs, so it's modification date wouldn't change.
As long as just one copy of the trial end date stays intact, it can simply take the latest one.