Disassembling REvil. The notorious ransomware hides WinAPI calls