You want to obtain CPU profiling data to examine performance beyond what is possible via FINEST agent logging.
There are two ways to approach this, with Windows Performance Recorder we can get an ETL file that can be read by Windows Performance Analyzer that gives a really good overview of user mode code activity. With a low altitude Procmon, we can get file, registry, network and process activity including kernel driver activity. However, the Procmon output is a bit harder to examine purely from a call stack frequency perspective.
Note: Both of these profiling methods are very resource intensive and should be done as tightly around the issue recreation window as is possible.