Hey Karin,
You are right, your sites will have files named xxx-backup.sql.09b1fc07e7087df852138f3ff41011bebc25b17a-wptc-secret, these are files stored locally on your site so that the file name is not just xxx-backup.sql which will be easy for hackers to identify.
When they are uploaded to the cloud they are uploaded as xxx.sql using the dropbox version history as you mentioned.
Once the sql file is uploaded to the cloud, the local copy that has a bigger file name will automatically be deleted.
However, coming to your scenario I just checked some test sites of mine and saw that some had their names saved as xxx.sql while others had the filename with the entire hash. So I tried restoring the site with the revision file name and the other site with the hashed file name. Looks like both the restores were successful.
So what’s happening here is that the files are getting stored as revisions on some scenarios while on some they are getting saved as new copies. Rest assured, there will not be any problems with the files in the backup first mentioned.
Also to confirm, can you please let me know if the first backup file is a multisite install or installed inside a subdomain? We are looking into this and we will fix it once we have some more data on the same!
Regards,
Tauseef