2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
Sorry to say your email was probably breached combined with keylogger.
Email isn't true 2FA (unless your email itself has 2FA with google auth or something like that) as it is very easy for an email to become compromised.
Even then you should also use other 2FA.
Sorry for your loss again and good luck.