a364e23d155c1aa1487dd65be8b8f0f4cbd612a2723d16cecc37797f8654d573
Summary
Explorer.exe is the built-in Windows file explorer. It is very common to see explorer.exe to have a variety of children, and also for it to be launched by a variety of parents.
EchoTrail Prevalence Score (EPS)

81.26

?
Rank Analysis
Host Prevalence

92.6%

?
Execution Rank

40,705th

?
Behavioral Analysis
Top Filenames
Top Paths
C:\Windows
69.12%
Top Network Ports
443
95.54%
Ancestry Analysis
Top GrandParents
Top Children
Security Analysis
Intel
The legitimate Explorer.exe is the built-in Windows file explorer. However, explorer.exe is one of the top malware names. Signs of the legitimate explorer.exe:
Image Path: %SystemRoot%\explorer.exe
Parent Process: Created by an instance of userinit.exe that exits, so analysis tools usually do not provide the parent process name.
Number of Instances: One or more per interactively logged-on user
User Account: <logged-on user(s)>
Start Time: First instance starts when the owner’s interactive logon begins

Also note that malware could inject into the memory space of explorer.exe. In this case we would need to analyze the dlls that are loaded, or the actual code running in memory.