Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I've been meaning to visit KeePass's website and download the latest version, too.
That's because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren't really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.