MacOS – How to find all the modifications and installations done by a spam dmg


I downloaded a 1.5 MB dmg file from an inauthentic site and despite suspicion, opened it and opened the app inside it. Assume that the game I wanted was game, so it was named game.dmg. It mounted installer and showed the icon of installer.app. It didn't install the expected software ofc, but displayed the privacy policy of InstallCore and then two software recommendations which I denied. After which, it showed a link which let me download real software. Back to Finder, it showed completed Installation.

I have the dmg and I can open it again but I need to know where to look to find all the installations, files it wrote etc. I checked in System Report -> Installations sorted by date. Only Adobe Flash Player was something I don't remember installing on that day. It was pre-installed. I have removed it for now.

Malwarebytes scan didn't show anything.

Feel free to ask for package contents, screenshots, system logs, activity monitor details etc. macOS Mojave on MacBook Air.

Best Answer

In general it is not possible to figure out after the fact what was done - unless you have backups.

If you have a recent backup from just before the installation, you can do a comparison with your current system to locate the differences. This is the “safest” method (i.e. least likely to miss something).

It is also possible to analyze the installer file itself - but modern malware tends to receive instructions from a server on what to do on the target system. Such instructions might have changed since you installed.
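One way to carry out the backup comparison described in the answer, as an added example that is not part of the original answer: a Python script that fingerprints every file under a restored backup copy and under the matching live directory, then lists what was added, changed or removed. The function names and the two command-line arguments are assumptions made for this illustration.

```python
import hashlib
import os
import stat
import sys

def fingerprint(path):
    """Return a comparable identity for one entry, never following symlinks."""
    try:
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            return ("symlink", os.readlink(path))
        if not stat.S_ISREG(mode):
            # Sockets, FIFOs and devices are compared by type only.
            return ("special", stat.S_IFMT(mode))
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        return ("file", digest.hexdigest())
    except OSError as exc:
        # Unreadable entries are recorded rather than silently skipped.
        return ("unreadable", exc.errno)

def snapshot(root):
    """Map each relative path under root to its fingerprint."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames + dirnames:
            full = os.path.join(dirpath, name)
            if os.path.isdir(full) and not os.path.islink(full):
                continue  # real directories are walked, not fingerprinted
            entries[os.path.relpath(full, root)] = fingerprint(full)
    return entries

def compare_trees(backup_root, current_root):
    """Report paths added, removed or changed since the backup was taken."""
    old, new = snapshot(backup_root), snapshot(current_root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_trees.py BACKUP_DIR CURRENT_DIR")
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind in ("added", "changed", "removed"):
        for path in report[kind]:
            print(f"{kind:8} {path}")
```

Run it once per directory pair, with the backup copy first and the live directory second. Empty directories are not tracked, and ordinary system activity since the backup will also appear in the output.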