If it is a phishing scenario in which users have to download a fake attachment, you can see users’ downloading details here.