Apparently, on windows, the keyboard focus stealing prevention works like this:
process A has a window -> spawns process B -> process B shows a window : it's in front of A's
which is what happens when you start u1cp normally: it spawns ussoc, so when ussoc pops the UI, it's in front.
process B is running -> process A starts (not spawned by B) -> process A tells process B to pop a window -> it pops below A's
This is what happens when you start u1cp, kill it without creds, then start it again. However, this should almost never happen in "normal" usage on windows.
Apparently, on windows, the keyboard focus stealing prevention works like this:
process A has a window -> spawns process B -> process B shows a window : it's in front of A's
which is what happens when you start u1cp normally: it spawns ussoc, so when ussoc pops the UI, it's in front.
process B is running -> process A starts (not spawned by B) -> process A tells process B to pop a window -> it pops below A's
This is what happens when you start u1cp, kill it without creds, then start it again. However, this should almost never happen in "normal" usage on windows.