The probable scenario is that you failed to use Sandboxie correctly ie. running a file that appeared "clean" outside the sandbox. Other reasons include: Your system was infected before using Sandboxie and you've managed to discover this only now, also you may have been infected through other vectors that were not protected such as an infected USB. Before making such bold claims, re-assess your security approach and try to find out where you went wrong.
Absent any sample files or urls of this malware attack, no reasonable person would believe or act upon what you've written.
One Program to rule them all, One Program to confine them, One Program to wrest them all and in the sandbox bind them.