i do not see it spawning a conhost.exe if i unzip the msi and use osqueryi.exe (as a service) instead of osqueryd.exe in this case i see only two osquery processes, which what i would expect

It should be a Windows executable; it should be possible, from the Task Manager/Details window, to select "Open file location"