The SWF has been analysed. We find this URL in the code:
The allowed countries for this particular malicious campaign are ZA, US and UK
18.104.22.168-22.214.171.124 Hop One Internet Corporation
126.96.36.199-188.8.131.52 (Internet Solutions (Pty) Ltd (South Africa)
Banned cities: Johannesburg, Tukwila
Kudos to Kimberley for decrypting the SWF contents.