use x64dbg look for cpuid instructions and unset the HVM bit

stop_cpuid_detect.py

from x64dbgpy import pluginsdk

# Put this script in the Python path, and 
# execute the following Python snippets in
# the Python dialog in x64dbg:
#
# from stop_cpuid_detect import *
# trace_cpuid(n=1000)

# the above code will trace through the program
# for up to 1000 instructions until it gets to
# a 'cpuid' instruction or assumed system DLLs,
# If you want to trace instructions in system DLLs
# use the following command:
# trace_cpuid(n=1000, force=True)


def check_cpuid(ea):
    b1 = pluginsdk.memory.ReadByte(ea)
    b2 = pluginsdk.memory.ReadByte(ea+1)
    if b1 == 0x0f and b2 == 0xa2:
        return True
    return False


def trace_cpuid(n=None, force=False):
    ea = pluginsdk.register.GetEIP()
    try:
        x = 0
        while True:
            pluginsdk.debug.StepIn()
            ea = pluginsdk.register.GetEIP()
            if ea & 0x70000000 == 0x70000000 and not force:
                print ("In system library addr space, so returning control to user: 0x%08x" % ea)
                break
            if check_cpuid(ea):
                print ("N=%d Found CPUID@ 0x%08x" % (x, ea))
                pluginsdk.debug.StepIn()
                ecx = pluginsdk.register.GetECX()
                ecx &= 0x7FFFFFFF
                pluginsdk.register.SetECX(ecx)
                break
            b1 = pluginsdk.memory.ReadByte(ea)
            b2 = pluginsdk.memory.ReadByte(ea+1)
            print ("N=%d 0x%08x %02x %02x" % (x, ea, b1, b2))
            x += 1
            if n is None:
                continue
            if n - x < 0:
                break

    except KeyboardInterrupt:
        pass
    except:
        raise