I started this research piece attempting to work out when the SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 key might be updated... I've never seen the value within the 0065 key differ from the value within the 0064 key in an actual case, and I've never found a definitive answer online as to when these values may change, although 0064 is widely understood to refer to the First Connected time of that USB device. Bring on the testing!
Caveat: This is ONE test, on ONE system, with ONE version of Windows!
I connected a new USB device to my Windows 10 22H2 system, that had never been connected to it before. Cue a number of artifacts (not exhaustive!):
Disconnecting & reconnecting the same USB device resulted in changes to these artifacts, as you might expect:
I then uninstalled the device driver in Device Manager, and that's where things started to get interesting...
According to the setupapi.dev.log, the driver was uninstalled at 09:19:53 UTC, which is when I actually clicked on 'Uninstall device' -> 'Uninstall' in Device Manager (Note: I was in Munich at the time, so local time was UTC+1 & setupapi.dev.log stores timestamps in localtime). This process didn't remove the actual driver files from C:\Windows\System32\drivers, so I removed them manually.
...and the driver was re-installed (with an error) when the device was reconnected at 09:26:03 UTC.
To fix this driver installation error, I restored the original driver files to C:\Windows\System32\drivers, and disconnected and reconnected the device at 09:26:21 UTC. I then disconnected and reconnected the device a second time at 09:28:08 UTC. Neither of these disconnect-reconnect events resulted in any driver reinstall events.
We can see the driver uninstall & install events in the setupapi.dev.log file, but how did that affect all of those other artifacts?...
Registry keys:
SYSTEM\ControlSet001\Enum\USB
SYSTEM\ControlSet001\Enum\USB\VID_090C&PID_1000 key last write timestamp showed the original First Connected Time of 08:15:16 UTC
SYSTEM\ControlSet001\Enum\USB\VID_090C&PID_1000\121219-81072 key last write timestamp showed the Last Connected Time of 09:28:08 UTC
SYSTEM\ControlSet001\Enum\USBSTOR
SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100 key last write timestamp showed the 'new' First Connected Time After Driver Installation of 09:26:21 UTC
SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0 key last write timestamp showed the Last Connected Time of 09:28:08 UTC
SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 default value showed the 'new' First Connected Time After Driver Installation of 09:26:21 UTC
SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 default value showed the 'new' First Connected Time After Driver Installation of 09:26:21 UTC
SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066 default value showed the Last Connected Time of 09:28:08 UTC
SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067 default value showed:
the Last Connected Time of 09:28:08 UTC while the device was still connected
this was then updated to the Last Removed Time of 11:23:10 UTC when the device was disconnected (matched actual removed time)
Some other anomalies under this USBSTOR key worth noting:
A deleted Properties key was recorded under SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067, which had a last write timestamp that did not correspond to any of the activities I had conducted at all. The timestamps even pre-dated the first ever connection time for this device on this system
A deleted Device Parameters key and subkeys were also recorded under SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0.
The last write timestamp of the deleted SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Mass_Storage&Rev_1100\121219-81072&0\Device Parameters key was the first time I uninstalled the device drivers in Device Manager, at 08:58:33 UTC.
The last write time of the subkeys corresponded to the original First Connected Time of 08:15:16 UTC
Event logs:
No further 20003 events were recorded in the System.evtx event log after that very first driver installation at 08:15:17 UTC
Every connection and disconnection event for the USB device was recorded in the Microsoft-Windows-Partition%4Diagnostic.evtx event log, with Event ID 1006:
In Summary / TLDR:
It may typically be quite rare for a device's driver to be re-installed after that first installation when the device is first connected to a system, but if it is, some USB connection artifacts may be updated
During my test of my Windows 10 22H2 system:
Device First Connected to this system:
SYSTEM\CurrentControlSet\Enum\USB\<device> key last write timestamp
Device First Connected After Last Driver Install to this system:
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device> key last write timestamp
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 default value
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 default value
Device Last Connected to this system:
SYSTEM\CurrentControlSet\Enum\USB\<device>\<iSerialNumber> key last write timestamp while the USB is still connected to the system
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber> key last write timestamp while the USB is still connected to the system
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066 default value
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067 default value while the USB is still connected to the system
Device Last Removed from this system (updated on device removal):
SYSTEM\CurrentControlSet\Enum\USB\<device>\<iSerialNumber> key last write timestamp if the USB device is NOT connected to this system
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber> key last write timestamp if the USB device is NOT connected to this system
SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067 default value if the USB device is NOT connected to this system
Be wary of last write timestamps assigned to deleted registry keys
Only the first driver installation event may be recorded in the System.evtx event log (event ID 20003)
Look for every USB device connection and disconnection event (Event ID 1006) in the Microsoft-Windows-Partition%4Diagnostic.evtx event log
...and I've STILL never seen the value within the 0065 key differ from the value within the 0064 key!