Any evidence of hacking in the install.log?

Totally agree with @Yer_man. The macOS logs are worthless for troubleshooting. You will go insane looking at any macOS system logs. The only useful macOS log is the Kernel Panic logs when the Mac has a hard system crash, otherwise just stay away from the macOS system logs.

Try running MalwareBytes on the computer if it is suspected of any malicious software. Don't use any other anti-virus software, cleaning apps, or third party security software since they are not needed on a Mac and they usually cause more problems than they solve plus they impact system performance. Normally there is no need to even use MalwareBytes unless a user suspects malware has been installed.

Don't go there. Logs are developers leaving cryptic notes for themselves. They are not for users to read and understand. If your friend thinks s/he has been hacked a more useful questions would be by who? how? and what makes you think so?