Since the token represents an already-authenticated session, the attacker does not need your 2FA code.
Running Blitzed-image-logger.exe poses significant risks beyond just account loss: Blitzed-image-logger.exe
Once an executable is run with user permissions, it can download additional payloads, such as ransomware or keyloggers . it can download additional payloads