new processes started in procmon log file

gistfile1.txt

$ ./procmon ~/logfile.xml newpids
 IDx   PID  PPID Command
  54   464  1556 "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe"  "C:\malware\SAMPLE.pdf"
  55   208   464 "C:\Program Files\Adobe\Reader 9.0\Reader\Eula.exe" Adobe Reader
  56   112   464 C:\DOCUME~1\analyst\LOCALS~1\Temp\redacted
  57   392   464 "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\DOCUME~1\analyst\LOCALS~1\Temp\redacted.pdf"
  58  1756   112 reg add HKLM\SYSTEM\CurrentControlSet\Services\RedactedDriver /v imagepath /t REG_EXPAND_SZ /d system32\driver.bin /f
  59  2032   112 reg add HKLM\SYSTEM\CurrentControlSet\Services\RedactedDriver /v imagepath /t REG_EXPAND_SZ /d System32\DRIVERS\driver.sys /f
  60   400   112 "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

Other commands

$ ./procmon ~/logfile.xml 
Too few arguments
Usage:
     procmon procmon.xml [commands] [arguments]

Commands:
  xpath:
    Search with a freeform XPath expression.

      xpath --expression="/xpath/node[criteria='selection']"

  newpids:
    Search a procmon log file for new processes started. Takes no arguments.

      newpids

  children:
    Display child processes by parent PID

      children --pid 404

  operations:
    Display all operations, or operations performed by PID.

      operations

      operations -p 404