I don't know of an event I know was malware, but I did have an episode recently when I installed Windscribe. I have a 50 GB data account, but I had stopped using the account. Got an e-mail from Windscribe, so decided to try it again. Less than a week later someone hacked my main e-mail account. Windscribe was the only thing that had been changed on the system recently, so I changed the password for the e-mail and uninstalled Windscribe.
I don't think the legit Windscribe installer would do this, but if there is a RCE exploit in the client that may explain your incident. Who knows?
Another explanation is that someone is doing MiTM attacks on vpn client downloads , this I'm certain people are doing now, it's just such a juicy target .