Why are there results for MD5 Process Search but Binary Search is empty?

Most likely the binary was purged and the sensor with the event had previously seen the hash.

New hash

• First sensor to see the binary uploads the binary metadata

Hash already existing

• Sensor checks with the server and is told the hash exists

In both cases, the sensor has an internal cache to tell it not to ask the server again. If the server's cron purges older hashes (modulestore_purge) and a sensor sees the binary execute again, the sensor would not ask the server again due to the cache.  In this case, the sensor does not send up the metadata.  Binary metadata is in the cbmodules core (binary search page), and the event (process search) contains a reference to the MD5 in the process document which is why it displays correctly for the event.  If the hash info is needed again, it would need to come from a sensor that has not seen the hash before so it can check with the server, or delete the cache file and have that sensor see the hash again.