Exploring the North Korean Email Client: Features and Functionality

2024-09-13 NKInternet

https://nkinternet.wordpress.com/2024/09/13/exploring-the-north-korean-email-client-features-and-functionality/


A leaked North Korean email client is shown as a Windows application made up of MailClient.exe, DLLs, and a configuration file, with hashes provided for the main executable and dskinliteud.dll. String analysis indicates use of the Chilkat library and references to protocols including SSH, FTP, SMTP, and TLS, suggesting broader network-capable components beyond basic mail handling. Runtime testing found the client only accepted usernames under the star-co.net.kp domain and exposed a simple offline-oriented workflow with local inbox and outbox areas for storing and sending mail when connectivity is available. The shipped configuration included a North Korean domain entry and a second server profile named 626MailServer pointing to 214.6.26.30, which the author notes is Department of Defense-owned but does not attribute as malicious infrastructure.

Indicators of Compromise

| Type   | Value                            | First Seen | Last Seen  |
|--------|----------------------------------|------------|------------|
| DOMAIN | star-co.net                      | 2014-08-27 | 2026-03-10 |
| HASH   | 16e8287667a1db5b5645531029d3dfc3 | 2024-09-13 | 2024-09-13 |
| HASH   | e3144b16b70ca666abcafdcef98b0ea9 | 2024-09-13 | 2024-09-13 |
| EMAIL  | [email protected]                | 2024-09-13 | 2024-09-13 |
| DOMAIN | uieasy.com                       | 2024-09-13 | 2024-09-13 |
| IPv4   | 214.6.26.30                      | 2024-09-13 | 2024-09-13 |
