I have to admit that this is the first time I've ever heard of a case like this, and it's really weird this happened to you. I see that you are not a beginner and that you understand the basics on which a hardware wallet works, so I will not doubt that everything you wrote is true.

Assuming you have legitimate software (Electrum, firmware in Nano S and legit Windows 10) I would personally assume it was some sophisticated malware that somehow bypassed the protection Ledger had and added another transaction. Another possibility is that it's some kind of internal bug that is a combination of some incredibly strange circumstances that occurred during your legitimate transaction. Still, the question remains, where did this new address come from if it wasn't some malware?

I understand your privacy concerns, but it would still be advisable to put the ID of both transactions, there are members who can conclude something from the transactions. Are you using any kind of antivirus protection, have you tried scanning your computer for possible virus/malware?

I used the Nano S in combination with Electrum a few days ago, and the transaction went pretty normal.