Full Shutdown Begin Root Container <--> User session is controlled by CShell. <--> Pre-Shutdown Notification Event-Based Start with provider=206f6dea-d3c5-4d10-bc72-989f03c8b84b, id=3, and version=0 Event-Based Stop with provider=206f6dea-d3c5-4d10-bc72-989f03c8b84b, id=4, and version=0 Additionally, only match start to stop if the PIDs are the same. <--> System Session Shutdown Event-Based Start with provider=206f6dea-d3c5-4d10-bc72-989f03c8b84b, id=9, and version=0 Event-Based Stop with provider=206f6dea-d3c5-4d10-bc72-989f03c8b84b, id=10, and version=0 Additionally, only match start to stop if the PIDs are the same. <--> Shutdown Services Children: Shutdown Service Begin Shutdown Services Container <--> Shutdown Service Event-Based Start with provider=0063715b-eeda-4007-9429-ad526f62696e, id=105, version=0, CurrentState=4, and ExecutionPhase=3 Event-Based Stop with provider=0063715b-eeda-4007-9429-ad526f62696e, id=105, version=0, and CurrentState=1 Additionally, only match start to stop if the field "ServiceName" is the same. Instance based off payload field called "ServiceName" in the start event. <--> End Shutdown Services <--> UNSUPPORTED REGION: In future versions, this will contain the following region: Post On/Off Region-Based Start based off the stop of region: d8d639a0-cf4c-45fb-976a-000000000200 (System Session Shutdown) Trace-Based Stop Additionally, only match start to stop if the PIDs are the same. Children: NT Shutdown System Pre-Sleep Callbacks Flush Storage Volumes Shutdown Devices Zero Page File IO Shutdown System CM Shutdown System Instead, this region is being made a container. <--> NT Shutdown System Event-Based Start with provider=206f6dea-d3c5-4d10-bc72-989f03c8b84b, id=8, and version=0 Event-Based Stop with provider=206f6dea-d3c5-4d10-bc72-989f03c8b84b, id=51, and version=0 <--> PreSleep Callbacks Event-Based Start with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=68, and version=0 Event-Based Stop with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=69, and version=0 <--> Flush Storage Volumes Event-Based Start with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=45, and version=0 Event-Based Stop with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=46, and version=0 Additionally, only match start to stop if the PIDs are the same. <--> Shutdown Device Event-Based Start with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=46, and version=0 Event-Based Stop with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=49, and version=0 <--> Zero Page File Event-Based Start with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=49, and version=0 Event-Based Stop with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=50, and version=0 Additionally, only match start to stop if the PIDs are the same. <--> IO Shutdown System Event-Based Start with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=51, and version=0 Event-Based Stop with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=52, and version=0 Additionally, only match start to stop if the PIDs are the same. <--> CM Shutdown System Event-Based Start with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=55, and version=0 Event-Based Stop with provider=331c3b3a-2005-44c2-ac5e-77220c37d6b4, id=56, and version=0 Additionally, only match start to stop if the PIDs are the same. <--> End Shutdown System <-->