Made in China

Server:
dropped file:
C:\WINDOWS\LoadwinPowerProfile.exe 

size: 152 KB

port: 22554 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run 

Added:
c:\WINDOWS\SYSTEM\userloadbak.exe