IMO this indicates a (poorly) written automatic script to check known private keys for a corresponding balance + OP's seed is compromised.
It would seem that it is most likely the "seed" that has been compromised (or at the very least the Master Private Key, possibly the entire wallet file if it had no password)... I suspect this is why there was some "change" going back into the wallet during the two transactions that transferred coins out. It's really the only way for an external script/wallet to be able to generate the change addresses.
Otherwise, it would have meant the OP was just messing around and accidentally sent coins to some place they didn't mean to... but you'd think someone might remember messing about clicking buttons inside a wallet app, sending coins to themselves/random addresses.
Granted, it is a little unusual that the stolen UTXOs haven't been moved on... but perhaps it's an old script running on a server somewhere that the thief has forgotten about?