Modify pafish for use the Windows API GetTickCount. GetTickCount returns the number of milliseconds that the system has been alive, up to a maximum of approximately 49 days. Programs can use this value to determine how long a system has been running and make decisions based on that value. The following image shows Upatre executing these instructions inside of a debugger:

The code calls GetTickCount and compares the returned value to 0xAFE74 (720,500 milliseconds, or ~12 minutes). If GetTickCount returns a value less than 0xAFE74, Upatre determines that the system has been running for less than 12 minutes and exits.

Reference: http://researchcenter.paloaltonetworks.com/2015/10/ticked-off-upatre-malwares-simple-anti-analysis-trick-to-defeat-sandboxes/