In this specific case, the address list was hardcoded in the libraries: the program then selected the address best matching the original one to deceive the user in using a visually similar, but diffrent address.