It appears to be a false positive. Today we got nine detections during the daily scan on our endpoints. It is interesting that the detection of wordpad.exe as "Trojan.PasswordStealer" by Malwarebytes involved endpoints having different versions of Windows 10 (it was detected on 1703, 1709, and 1803). The version of the file seems to be the same in all three versions, with the same date stamp. I checked file consistency with both DISM and SFC, and the tools found no corruption. Scanning the files with Bitdefender, Zemana, and Hitman Pro didn't result in any detection. We also checked the files with various sandboxes and malware analysis tools, and most didn't find anything malicious. Note that both ViCheck and one hash from the MBA detection copied to VT found the entry suspicious and malicious, respectively.