The SWF has been analysed. We find this URL in the code:
The allowed countries for this particular malicious campaign are ZA, US and UK
22.214.171.124-126.96.36.199 Hop One Internet Corporation
188.8.131.52-184.108.40.206 (Internet Solutions (Pty) Ltd (South Africa)
Banned cities: Johannesburg, Tukwila
Kudos to Kimberley for decrypting the SWF contents.