Well, that's what I figured, but it's not fetching in the background. It's launching my web browser, then filling in the browser's URL bar (and then failing of course). That's pretty strange behavior that I've never seen before.
ffmpeg16.exe is dated 17 Jul 2014. In addition to code, it contains cp.bin (aka avcodec-54.nch.dll), dated 23 Apr 2013.
Now, cp.bin is interesting: It's a CLI dll, it imports avutil-52.nch.dll (which, I assume, it will attempt to download next), and a person who may be named Hugo Klugman (handle: 'hugoklugman') thinks it's malicious (and 40 other people/entities apparently agree).
I'm not an excitable person, and I've seen some awfully strange things, but never quite this strange.
Like I 'said', I'm not an excitable person, and I want to use stamp and I'm not coming to any hasty conclusions but I wonder what the story is. Is there a story here?