Is there any way to verify the Windows-download? I couldn't find a hash on the official git site
First of all, Git and GitHub are very different things. Your question isn't clear about which it refers to. I'm pretty sure you either mean the GitHub Desktop installer or the Git for Windows installer.
The official Git for Windows project does publish SHA-256 hashes for its releases.
GitHub doesn't publish hashes of its installers but it does sign them, which is even better. Right-click the installer, go to Properties, then to Digital Signatures.