The SWF has been analysed. We find this URL in the code:
The allowed countries for this particular malicious campaign are ZA, US and UK
188.8.131.52-184.108.40.206 Hop One Internet Corporation
220.127.116.11-18.104.22.168 (Internet Solutions (Pty) Ltd (South Africa)
Banned cities: Johannesburg, Tukwila
Kudos to Kimberley for decrypting the SWF contents.