A bank in Poland previously discovered unknown malware running on several of its computers, exposing a wave of attacks that affected organizations from at least 31 countries.
What’s unique about this attack, is the usage of a piece of sophisticated malicious software, that managed to reside purely in the memory of a compromised machine, without leaving a trace on the machine’s file system. Fileless malware allows attackers to evade detection from most end-point security solutions which are based on static files analysis (Anti-Viruses).
If they are running entirely on memory, then after restart they will be wiped out. But for many devices , they normally won't restart regularly unless if there is update (like monthly Windows Update) or installing applications. Windows Defender also has capability to scan process and malwares reside on memory.