If a process exec's into another process after a previous exec (e.g. an exec->exec rather than a fork->exec) the sensor overwrites the metadata including the path, process_name, cmdline, and md5. This is why the path for the process changed from xpcproxy to mdworker_shared.
There will only be one path in an API or console because xpcproxy exec's into mdworker_shared immediately and not in a subsequent segment of the doc. The event forwarder however will generate an event for the original process start (1st exec) and another for the 2nd exec.