CobaltStrike? It doesn't flag it as malware - it flags it as matching patterns found in malicious software because of the automatically detected behaviors. It's a heuristic test. Real reasons I don't know but it's likely any or all: it's a new executable without history and it has many behaviors which could be malicious: dynamically linked DLLs (ffmpeg for videos, webp libraries), opens links (mega download for the updater) etc. You can mark it as not malware and eventually as the popularity grows, Google will stop.
Also in upcoming 1.12 I added manifests which should stop triggering UAC.