The time stamps could be misleading you.
It is possible that this infection did not come from an Internet site, but could have come from an e.mail or a package that was downloaded and eventually opened. Possibly days before.
Especially considering that this particular "malware" opens webpages if memory serves. Thus the time stamps could be off.