TL;DR

It’s not malware. The sandboxes flagging this as malware are doing it because the dongle is installing a driver. Like it should do.

Erik Parker did a video reverse engineering the installer and shows the driver doing what it should.
https://www.youtube.com/watch?v=GY87l_uSIuA

Both chips have an external SPI Flash option, which is used with the USB side to present a ‘virtual CD drive’ to the user when the dongle is plugged in.

Ah, the bad old days of device drivers. I don’t miss them at all.