When conducting a threat investigation, I have a quick reference chart that I keep stored between my ears. The problem is that location isn’t helpful to those I work with or assist. I put together a documented quick reference with my common go-to tools based on the SANS PICERL approach.
In case you are interested, here is what I normally think about when investigating an incident or actor. Hope it helps!
VirusTotal scan: https://www.virustotal.com/gui/file/e5b796db82ca3314873e6594ab34948a08a459901a0c9ee8de003af48c6b44ee/details