The SWF has been analysed. We find this URL in the code:
The allowed countries for this particular malicious campaign are ZA, US and UK
126.96.36.199-188.8.131.52 Hop One Internet Corporation
184.108.40.206-220.127.116.11 (Internet Solutions (Pty) Ltd (South Africa)
Banned cities: Johannesburg, Tukwila
Kudos to Kimberley for decrypting the SWF contents.