Fileless malware, ransomware and remote access agents trying to evade detection by running in memory rely on being able to allocate “Heap” memory – a step just made harder by Sophos