JusticeRage / Manalyze

A static analyzer for PE executables.

Import analyzer plugin rule suggestions

henke37 opened this issue · comments

  • EnumDeviceDrivers|GetDeviceDriverFileNameW Checks for drivers
  • EvtClearLog|ClearEventLog Empties the system event log
  • TerminateProcess Messes with other processes
  • PrintWindow Takes screenshots
  • SetKernelObjectSecurity|SetFileSecurity|SetNamedSecurityInfo|SetSecurityInfo Manipulates DACLs
  • OpenSCManagerW|CreateService|DeleteService Manipulates services
  • CoLoadLibrary Replacement for LoadLibrary

Thanks a lot for these suggestions! They will be implemented shortly.

I just removed TerminateProcess from the list: turns out it gets imported by default in _report_gsfailure, which means that any /GS-protected binary would have it. The presence of this particular import is therefore not very meaningful.

Same goes for IsDebuggerPresent, which seems to be referenced in just any PE (from ___scrt_fastfail).
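Added example, not Manalyze's code and not posted by anyone in this thread: a minimal import-rule matcher of the kind the suggestions above describe, run over a constructed import table. Each rule is a regex over imported function names mapped to a description, written the way the thread writes them (as `|` alternations); the `[AW]?` suffix handling is an addition here, since the thread lists bare names. It also shows the caveat from the maintainer's replies: imports that the MSVC runtime pulls into essentially every /GS-protected binary (TerminateProcess, IsDebuggerPresent) are suppressed instead of turned into rules, because matching them would flag nearly every PE.

```python
import re
from typing import Dict, List

# Rule table in the shape of the thread's suggestions: regex over import names -> description.
# The A/W suffix variants are an assumption added here; the thread lists bare names.
IMPORT_RULES: Dict[str, str] = {
    r"^(EnumDeviceDrivers|GetDeviceDriverFileName[AW]?)$": "Checks for drivers",
    r"^(EvtClearLog|ClearEventLog[AW]?)$": "Empties the system event log",
    r"^PrintWindow$": "Takes screenshots",
    r"^(SetKernelObjectSecurity|SetFileSecurity[AW]?|SetNamedSecurityInfo[AW]?|SetSecurityInfo)$": "Manipulates DACLs",
    r"^(OpenSCManager[AW]?|CreateService[AW]?|DeleteService)$": "Manipulates services",
    r"^CoLoadLibrary$": "Replacement for LoadLibrary",
}

# Imports the MSVC runtime adds to essentially every /GS-protected PE (the thread
# names TerminateProcess via _report_gsfailure and IsDebuggerPresent via
# ___scrt_fastfail). Their presence carries no signal, so they are ignored.
CRT_DEFAULT_IMPORTS = frozenset({"TerminateProcess", "IsDebuggerPresent"})

_COMPILED = [(re.compile(pattern), description) for pattern, description in IMPORT_RULES.items()]


def scan_imports(imports: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each rule description to the sorted 'DLL!Function' imports that triggered it.

    `imports` is {dll_name: [imported function names]}, which is what a PE import
    directory flattens to. Descriptions with no hits are omitted.
    """
    hits: Dict[str, List[str]] = {}
    for dll, names in imports.items():
        for name in names:
            if name in CRT_DEFAULT_IMPORTS:
                continue  # no signal: every CRT-linked binary has these
            for regex, description in _COMPILED:
                if regex.match(name):
                    hits.setdefault(description, []).append(f"{dll}!{name}")
    return {desc: sorted(entries) for desc, entries in hits.items()}


def suppressed_imports(imports: Dict[str, List[str]]) -> List[str]:
    """List the CRT-default imports that were present but deliberately ignored."""
    return sorted(
        f"{dll}!{name}"
        for dll, names in imports.items()
        for name in names
        if name in CRT_DEFAULT_IMPORTS
    )


# Constructed sample import table (not taken from any real binary).
SAMPLE_IMPORTS: Dict[str, List[str]] = {
    "KERNEL32.dll": ["GetProcAddress", "TerminateProcess", "IsDebuggerPresent", "CreateFileW"],
    "ADVAPI32.dll": ["OpenSCManagerW", "CreateServiceW", "ClearEventLogW", "SetNamedSecurityInfoW"],
    "PSAPI.DLL": ["EnumDeviceDrivers", "GetDeviceDriverFileNameW"],
    "USER32.dll": ["PrintWindow", "MessageBoxW"],
}

if __name__ == "__main__":
    for description, entries in scan_imports(SAMPLE_IMPORTS).items():
        print(f"[{description}] " + ", ".join(entries))
    print("ignored (CRT defaults): " + ", ".join(suppressed_imports(SAMPLE_IMPORTS)))
```

Keeping the suppression list separate from the rule table makes the "noise" decision explicit and reviewable: when a new rule is proposed, checking whether the import is a CRT default is a one-line lookup rather than a surprise after the rule fires on every test binary.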