Travis Smith has published a post about fileless malware on The State of Security. He notes that this type of malware isn’t really fileless. According to the author, the malware from Ars Technica article created a service for persistence. The following registry keys were written to:
It means that the malware was not actually fileless. Learn more about this fact in the original post.