Is there any way osquery can show the origin of file downloaded on Macosx.. Something from lsquarantine dB and browser artifacts or any curl, wget utility tools that was used from a adware/malware script. I'm asking from DFIR perspective..