This is a real question, because if more people use this computer, everyone could see the seed that the OP saved as a plain text file.
If he is the only user of that computer, then someone did it remotely, and one remote access trojan is quite enough for something like that. It would not be strange if someone had control over his crypto wallet from before, but he was waiting for a slightly higher amount of a few $ that the OP had until then.
Also, although it was not mentioned, maybe that seed was not generated by the OP, but it was a way of buying BTC. In addition to the trick of selling watch-only wallets, some sell the actual seed with a certain amount of BTC - and when a buyer at some point sends a larger amount into his wallet, an unpleasant surprise awaits them.