These past few days, none of them have run tree or dir/s or pointed out stopped services. Only a few started eventviewer. Most of them just look at the popup and get straight to the point that I need to purchase whatever license to get it fixed.
Mind you, as a scammer I would probably do the same, but this is making it less fun with my prepared VM 
This is most definitely the wrong category for this as it includes no scammer information at all.
Moving this to general, please don’t post in the scammer categories unless you have scammer information.
I mean can you blame them? It’s not like they’re working a real job. Some of them just want the money and want to get you off the call as soon as possible. Other scammers have literally tried to convince me the IRS is doing apple cards now even after I reveal I know what they are doing. It all depends on what numbers you call.
Of course I blame them. I want them to walk in to all the traps I set lol.
I just added a some bitcoin exchanges to my browser history and a bitcoin_paper_wallet.pdf to my desktop, no one has even noticed it yet.
Yesterday I did have something new. Instead of using cmd.exe (which is booby trapped on my VM), the scammer opened powershell and typed in some command, dont recall what, to pretend I have problems on my PC. Dang, now I need a fake powershell.
Fortunately they all still use notepad. Or well, upnotepad 