I just ran through the process twice with a scammer on a VM I'm running. Below is some information I gathered throughout the call, and basically an overview on how it went.
This is my fist attempt at retrieving info from scammers.
I noticed that both GoToAssist and AeroAssist are not traceable from Wireshark because the only repetitive IP that I got was to the mutual IP that their servers use in order to maintain a secure environment.
While I didn't retrieve any damaging information I have the extension for a technician, two of the websites they use for their fake anti-virus, and the account information they use to log in when trying to process payment
Sub Issue: Browser Issue
I gave a false generated CC to them for payment and then acted insulted when they told me it declined. They told me to check my e-mail (which I had given to them as a fake e-mail) on the machine they were viewing. I mocked a sudden shutdown and GoToAssist wouldn't reconnect.
I then got connected to a technician who used AeroAssist as an attempt to download GoToAssist.
He told me that I had to give them another card or try to call my bank. I then pulled up a separate scammer database where numbers are provided on the VM he was viewing. He tried to disconnect, but I then exaggerated the amount of information I drew from them.
He then tried to corrupt vital OS files from my VM, at which point I pulled up notepad to tell him he wasn't smart,
Here are all the numbers I have on them:
888 389 7614, ask for Rebecca. Ext. 2354 and if they ask for a reason, you were disconnected
888 309 6869
888 592 8805
Rebecca's key for LiveTechnician is no longer in operation