And it downloads Tor to connect to C2. So it’s a machine with Internet access AND without security mesures.

So it might be a target with poor IT. A windows machine shouldn’t be left without AV, especially if it has Internet access.