Hello ultraKnur,
These WPA results are indeed just a result of how the events are attributed to specific processes.
Some events include thread and process ID information in the event header, but the UdpIp events contain the value -1 in these fields. WPA is using context switch information to remember which process and thread is running on each CPU and is using that information to associate the UdpIp events to processes/threads.
That is OK for send events, because they normally happen in the context of the sending process, but does not work for receive events because they happen in the context of whichever process/thread was interrupted to handle the receive interrupt or DPC.
Gary