So this has been going on for several months?
Was that QR code to an app in the Apple App Store, or somewhere else?
Which iPhone? Which iOS?
Why were you following QR codes or app installs from coworker, and particularly one you believe to be sketchy?
As for the core of your question, unfortunately, you’re about the millionth person to want free forensics. Which means you’ll need to better qualify yourself, before the few forensics providers might offer that.
Are you a political dissident or activist, senior in private or government, with access to sensitive or classified data, with access to great wealth, associated with a military involved in active combat, investigative journalist, or other such target?
What other steps or remediations have already been performed? Given this report, and given your concerns, I’d have already expected a factory reset (and not a restore) to have been performed, and re-securing the Apple ID with Safety Check, a new password and new and longer passcode, two-factor authentication, probably lockdown mode, and related steps.
Pragmatically, probably nothing happened. But malware does exist for iPhone, for those that are sufficiently valuable to well-funded adversaries. (And nobody around here is going to be running remote checks or free forensics.)