This collects the SHA256 and SHA1 hashes of launchd processes on LINUX, and no, I do not know why the scheduled query has an MD5 in the name, seeing as we do not get the MD5 value.
launchd
launchd has two main tasks. The first is to boot the system, and the second is to load and maintain services.
SCHEMA
| column | type | description |
| --- | --- | --- |
| keep_alive | string | Should the process be restarted if killed |
| label | string | Daemon or agent service name |
| name | string | Name of the registry value entry |
| on_demand | string | Deprecated key, replaced by keep_alive |
| path | string | Full path to the value |
| process_type | string | Key describes the intended purpose of the job |
| program | string | Path to target program |
| program_arguments | string | Command line arguments passed to program |
| run_at_load | string | Should the program run on launch load |
| sha1 | string | SHA1 of the file now |
| sha256 | string | SHA256 of the file now |
```sql
-- launchd_md5 INFO
SELECT
  -- Device ID DETAILS
  meta_hostname,
  meta_ip_address,
  -- Query Details
  query_name,
  keep_alive,
  label,
  name,
  on_demand,
  path,
  process_type,
  program,
  program_arguments,
  run_at_load,
  sha1,
  sha256,
  -- Decoration
  meta_boot_time,
  meta_eid,
  meta_endpoint_type,
  meta_ip_mask,
  meta_mac_address,
  meta_os_name,
  meta_os_platform,
  meta_os_type,
  meta_os_version,
  meta_public_ip,
  meta_query_pack_version,
  meta_username,
  -- Generic
  calendar_time,
  counter,
  epoch,
  host_identifier,
  numerics,
  osquery_action,
  unix_time,
  -- Data Lake
  customer_id,
  endpoint_id,
  upload_size
FROM xdr_data
WHERE query_name = 'launchd_md5'
```
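The value of the sha1/sha256 "of the file now" columns is in comparing snapshots over time. The following is an added example, not part of the query pack: it diffs two constructed sets of launchd_md5 rows (column names from the SCHEMA above; hash values and the "true"/"false" string encoding of run_at_load and keep_alive are assumptions) and flags persistence-enabled jobs whose binary lives outside system-managed paths.

```python
from typing import Dict, List

# Constructed sample rows shaped like launchd_md5 results (hashes are placeholders).
BASELINE: List[Dict[str, str]] = [
    {"label": "com.apple.example.agent",
     "path": "/Library/LaunchAgents/com.apple.example.agent.plist",
     "program": "/usr/libexec/example",
     "run_at_load": "true", "keep_alive": "true", "sha256": "aaaa0001"},
    {"label": "com.vendor.updater",
     "path": "/Library/LaunchDaemons/com.vendor.updater.plist",
     "program": "/Library/Application Support/Vendor/updater",
     "run_at_load": "true", "keep_alive": "false", "sha256": "bbbb0002"},
]
CURRENT: List[Dict[str, str]] = [
    BASELINE[0],
    {**BASELINE[1], "sha256": "bbbb9999"},  # binary behind an existing job changed
    {"label": "com.unknown.helper",
     "path": "/Users/alice/Library/LaunchAgents/com.unknown.helper.plist",
     "program": "/Users/alice/.cache/helper",
     "run_at_load": "true", "keep_alive": "true", "sha256": "cccc0003"},
]


def index_by_label(rows: List[Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """Key rows by the launchd label, which identifies a job across snapshots."""
    return {r["label"]: r for r in rows}


def diff_launchd(baseline: List[Dict[str, str]], current: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Report jobs that appeared, disappeared, or whose program hash changed."""
    b, c = index_by_label(baseline), index_by_label(current)
    common = set(b) & set(c)
    return {
        "added": sorted(set(c) - set(b)),
        "removed": sorted(set(b) - set(c)),
        "hash_changed": sorted(l for l in common if b[l]["sha256"] != c[l]["sha256"]),
    }


def needs_review(row: Dict[str, str]) -> bool:
    """True for a job that launchd keeps alive or runs at load and whose
    program is outside system-managed prefixes (an assumed allow-list)."""
    persistent = row.get("run_at_load") == "true" or row.get("keep_alive") == "true"
    program = row["program"]
    trusted = program.startswith(("/System/", "/usr/")) and not program.startswith("/usr/local/")
    return persistent and not trusted


if __name__ == "__main__":
    print(diff_launchd(BASELINE, CURRENT))
    print([r["label"] for r in CURRENT if needs_review(r)])
```

In practice the two row sets would come from two runs of the query above, keyed on meta_hostname as well as label so that jobs are compared per endpoint.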