WannaCry - Decrypting files with WanaKiwi + Demos
2017-05-19 • Comae
https://www.comae.com/posts/wannacry-decrypting-files-with-wanakiwi-demos/
Comae described WanaKiwi, a WannaCry recovery tool by Benjamin Delpy that builds on Adrien Guinet's Wannakey method for recovering RSA prime numbers from memory. The technique targets infected Windows systems that have not been rebooted, and it depends on the relevant memory not having been overwritten; the excerpt confirms testing on Windows XP, Windows 7, and Windows 2003. WanaKiwi recreates the .dky files that the ransomware expects, which makes it compatible with WannaCry's own decryption flow and helps prevent further encryption. The excerpt also notes continued kill-switch activity, including a spike from Malaysia, underscoring that recovery work was taking place while infections were still active worldwide.
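The memory-scan idea behind this recovery, as an added example (not code from WanaKiwi, Wannakey, or the Comae post): slide over a memory buffer and test each window as a factor of the public modulus. Assumptions: the modulus is already known from the public key, primes sit in memory as little-endian integers half the modulus length, and the 128-bit key, filler bytes, offset and all function names are constructed for the demo.

```python
import hashlib

E = 65537                      # public exponent assumed for this demo
P = 2**64 - 59                 # constructed toy primes (real keys are far larger)
Q = 2**64 - 83
N = P * Q                      # public modulus, known from the public key

def scan_for_prime(memory: bytes, modulus: int):
    """Return (offset, p, q) for the first window that divides modulus, else None."""
    prime_len = ((modulus.bit_length() + 7) // 8) // 2   # each prime is half the modulus
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand, modulus // cand
    return None

def private_exponent(p: int, q: int, e: int = E) -> int:
    """Rebuild the private exponent d from the recovered primes."""
    return pow(e, -1, (p - 1) * (q - 1))

def build_memory(prime_present: bool, size: int = 4096, at: int = 1337) -> bytes:
    """Constructed 'process memory': deterministic filler, optionally holding P."""
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(size // 32))
    buf = bytearray(filler)
    if prime_present:
        buf[at:at + 8] = P.to_bytes(8, "little")
    return bytes(buf)

if __name__ == "__main__":
    # Prime still resident: the scan recovers both factors.
    print("prime found:", scan_for_prime(build_memory(True), N))
    # Memory reused or machine rebooted: nothing left to recover.
    print("after overwrite:", scan_for_prime(build_memory(False), N))
```

The `None` result in the second case is the dependency the summary describes: once the bytes holding the prime are overwritten, no window divides the modulus and the key cannot be rebuilt this way.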