Remote access to your computer (s), once they have that they will steal any passwords or other details they can find, empty linked bank accounts, spam email and social media, etc. Anything they can make or steal money from.
String them along by all means (it may stop them phoning a more vulnerable person for a bit) but do not under any circumstances do anything they say, not one click.
Genuine support staff will be easily identifiable (e.g. by callback to your contracted support firm or department). Bogus ones generally get uppity if you try. Always make the callback from a different line (mobile phone preferably if they rang landline) as clever ones hang on the line, fake a dial tone and pretend to be their own verification.