diff --git a/yara/apt_moonlightmaze.yar b/yara/apt_moonlightmaze.yar
index 1ce0ada..c9a117b 100644
--- a/yara/apt_moonlightmaze.yar
+++ b/yara/apt_moonlightmaze.yar
@@ -41,8 +41,8 @@ strings:
 $a11="ork error" ascii fullword
 condition:
- // Change from "any of them" to 3 of them due to false positives with Nvidia drivers
- 3 of ($a*)
+ // Added filesize due to false positives with Nvidia drivers in process memory
+ filesize < 5000KB and 3 of ($a*)
 }
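Review bot: The added `filesize < 5000KB` clause in the condition does more than trim the Nvidia false positive: YARA leaves `filesize` undefined when the target is a running process, so this rule can no longer match in process-memory scans at all. The new comment should state that, and should keep the reason for the `3 of` threshold that the removed comment recorded, for example `// File scans only: filesize is undefined in process memory, where the Nvidia driver FPs occurred; "3 of" (not "any of them") also kept because of those FPs`. The 5000KB bound has no stated basis in the hunk, so a short note on how it was chosen (presumably the largest known sample plus margin) would help whoever tunes it later. The rule header and the other strings sit outside the hunk, so whether the remaining `$a*` strings are specific enough for file scans cannot be judged from here.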