As Internet technologies evolve, network data transfer and inspection demands have also increased at the same pace. A need has emerged to effectively inspect large data transfers for malware, for example, without introducing noticeable latency. To create fingerprints of known files, conventional malware cloud lookup technologies perform hash digests of the entire contents of each of the files. Increases in the sizes and numbers of files result in corresponding increases in hash compute times and resources to compute the hashes. For example, a conventional hash digest of a 5 GB file may take 40 seconds or longer to compute, which causes massive latency if performed in-line with a data transfer between endpoints in a network. This poses a serious challenge to maintaining acceptable performance in, and reasonable hardware requirements for, a cloud lookup system. Additionally, detection of malware, even known malware, by conventional malware cloud lookup technologies is easily avoided by a bad actor. For example, simply adding padding bytes anywhere in the malware file changes a known fingerprint of the file to a new, unique fingerprint that is unknown and, therefore, not able to be detected. Even further, conventional malware lookup technologies typically limit the size of the files that are fingerprinted to avoid performance issues, which disadvantageously allows large portions of the files to go un-inspected.