In my case Windows Defender found this. Not sure if it's a false positive or not but managed to remove it with Defender and subsequently did 2 more complete scans and seems to be gone now

Program:Win32/Uwasson.A!ml

Affected items:

containerfile: C:\Program Files (x86)\Common Files\VMware\InstallerCache\{F838A98A-9A53-4983-9D1E-134EC757A162}.msi

containerfile: C:\Program Files (x86)\VMware\VMware Workstation\x64\EFI32.ROM

containerfile: C:\Users\username\AppData\Local\VMware\vmware-download-0454\cdstmp_ws-windows_16.1.0_17198959\VMware-workstation-16.1.0-17198959.exe

However, there are 4 folders with this DIFXAPI.dll file in the Temp directory and these files/folders can't be renamed or deleted even with Admin rights:

1. HICD752.tmp.dir

2. OWAA62C.tmp.dir

3. WGIC9A.tmp.dir

4. ZMH98A2.tmp.dir

Seems as if the installer has been compromised?