WiX Bundle gets "Failed to verify hash of payload" when trying to install .net core hosting bundle from web

1

I have a burn/bootstrapper WiX bundle with:

        <?define DotNetVersion = "2.1.11"?>
        <!-- The Min and Next .Net version that our installed version must be between -->
        <Variable Name='MinDotNetVersion' Type='string' Value='2.1.0' bal:Overridable='no'/>
        <Variable Name='NextDotNetVersion' Type='string' Value='2.2.0' bal:Overridable='no'/>

        <?define HostingBundleUrl = "https://www.microsoft.com/net/download/thank-you/dotnet-runtime-$(var.DotNetVersion)-windows-hosting-bundle-installer" ?>
        <util:RegistrySearch Id="DotNetHostingBundle86" 
                             Root="HKLM" 
                             Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost" 
                             Value="Version"
                             Variable="DotNetHostingBundleVersion" />
        <!-- If running installer in a 32-bit process will change above key path to wow6432 etc, then won't find it. So, if didn't find it and version is x64, get the variable
             this way: -->
        <util:RegistrySearch Id="DotNetHostingBundle64" 
                             After="DotNetHostingBundle86"
                             Condition="NOT DotNetHostingBundleVersion AND VersionNT64"
                             Root="HKLM" 
                             Key="SOFTWARE\dotnet\Setup\InstalledVersions\$(var.Platform)\sharedhost" 
                             Value="Version"
                             Variable="DotNetHostingBundleVersion"
                             Win64="yes"/>

        <Chain>
            <ExePackage Id="DotNetCoreHostingBundle" 
                        Vital="yes" 
                        Name=".Net Hosting Bundle Setup" 
                        DownloadUrl="$(var.HostingBundleUrl)" 
                        Compressed="no" 
                        SourceFile=".\ExtResourcesCopy\dotnet-hosting-$(var.DotNetVersion)-win.exe" 
                        InstallCondition="NOT DotNetHostingBundleVersion OR (DotNetHostingBundleVersion &lt; MinDotNetVersion OR DotNetHostingBundleVersion &gt;= NextDotNetVersion)"
                        Description="Installing .Net Hosting Bundle $(var.DotNetVersion). This includes the 32 bit and 64 bit runtimes, the Asp.net runtime packages (Microsoft.AspNetCore.App and .All), and the IIS Hosting Components."
                         />
            ...

I've downloaded the dotnet-hosting-2.1.11-win.exe file into the ExtResourcesCopy folder, and since I set the SourceFile to this it gets its own Payload data.

I then build my .exe and run it on another computer and get the following error:

    Acquiring package: DotNetCoreHostingBundle, payload: DotNetCoreHostingBundle, download from: https://www.microsoft.com/net/download/thank-you/dotnet-runtime-2.1.11-windows-hosting-bundle-installer
    Error 0x80091007: Hash mismatch for path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, expected: 1ED626AD403D6E5D99AB69DB7C281FB8E8A8D0A2, actual: F21BF2F13F89D1C9DFD2844D57728102D5714EAA
    Error 0x80091007: Failed to verify hash of payload: DotNetCoreHostingBundle
    Failed to verify payload: DotNetCoreHostingBundle at path: C:\ProgramData\Package Cache\.unverified\DotNetCoreHostingBundle, error: 0x80091007. Deleting file.

I then checked the SHA1 hash on the target computer by downloading the dotnet-hosting-2.1.11-win.exe file manually from Microsoft, using the exact URL from the log file, and running:

    certutil -hashfile dotnet-hosting-2.1.11-win.exe

This gave me the expected hash of: 1ed626ad403d6e5d99ab69db7c281fb8e8a8d0a2

So where is this "actual" hash of F21BF2F13F89D1C9DFD2844D57728102D5714EAA coming from? Is there a way of pausing the installer so I can inspect the file in the .unverified folder? And/or what can I do about this?

.net-core
wix
burn
asked on Stack Overflow May 28, 2019 by monty

2 Answers

1

The URL you're using is an HTML page that uses JavaScript to download the package. Burn just sees the HTML.

answered on Stack Overflow May 28, 2019 by Bob Arnson

0

You should be able to use dark.exe to decompile your bundle executable and see the hashes for all of the payloads.

Note: Those hashes are present for security purposes. They prevent bad actors from tampering with the install content.

answered on Stack Overflow May 28, 2019 by Rob Mensching
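
A check that ties the two answers above together, as an added example that is not part of the original question or answers: it compares what a `DownloadUrl` returned against the SHA-1 recorded at build time and, on a mismatch, reports whether the bytes are an HTML page or a different executable. The function names, verdict strings and sample bytes are constructed for illustration; in practice `data` would be the body fetched from the URL and `expected_sha1` the hash of the `SourceFile`.

```python
import hashlib
import struct

def sha1_hex(data: bytes) -> str:
    # Same digest format as the "expected"/"actual" values in the Burn log.
    return hashlib.sha1(data).hexdigest().upper()

def looks_like_pe(data: bytes) -> bool:
    # A Windows executable starts with "MZ"; offset 0x3C points at "PE\0\0".
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def looks_like_html(data: bytes) -> bool:
    # Skip a UTF-8 BOM and leading whitespace, then look for an HTML prologue.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    return head.startswith((b"<!doctype html", b"<html"))

def diagnose_payload(data: bytes, expected_sha1: str) -> str:
    if sha1_hex(data) == expected_sha1.upper():
        return "ok"
    if looks_like_html(data):
        return "html-page"          # URL served a web page, not the file
    if looks_like_pe(data):
        return "different-binary"   # an executable, but not the one hashed at build time
    return "unknown-content"

def fake_pe(body: bytes) -> bytes:
    # Constructed sample: minimal MZ header + PE signature, not a real installer.
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0" + body

# Constructed inputs standing in for the SourceFile and two possible downloads.
BUILD_TIME_FILE = fake_pe(b"installer build A")
LANDING_PAGE = b"\r\n<!DOCTYPE html><html><script>/* starts download */</script></html>"
EXPECTED_SHA1 = sha1_hex(BUILD_TIME_FILE)

if __name__ == "__main__":
    samples = {"direct file": BUILD_TIME_FILE, "landing page": LANDING_PAGE,
               "other build": fake_pe(b"installer build B")}
    for name, blob in samples.items():
        print(f"{name:13} {sha1_hex(blob)} {diagnose_payload(blob, EXPECTED_SHA1)}")
```

Running a check like this at build time, before the bundle ships, catches a `DownloadUrl` that does not return the exact file hashed from `SourceFile`.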

User contributions licensed under CC BY-SA 3.0