First of all sorry for your loss… It’s weird because the new address didn’t touch the fund yet and no funds were sent to it before. Hacker will have scripts to move the funds quickly before they get track and mix it.
If it’s a virus and the destination address is hard coded the user will have more fund, If the address is generated by the virus he will have to send the private key from your computer to his computer.
You can try to record your traffic with wireshark and do a transaction on the ropsten testnet to see if your testnet funds are also highJack. Maybe you ll get an ip or see the generated key on the network if the virus is not using an https endpoint.
If you get lucky this virus could generate the same private key for the testnet network and you can catch it.
If it s a virus which derive the private key from your, you can also try to create a new address in metamask, they are all derived from each other.
I don’t want to give you false hopes, there’s a big chance that it is lost.
Btw on the Argent wallet website they recommend you to use 23.300 gas
Your first transaction has a gas limit of 21000