[Vol-users] Processes have more than one address space???

Hi all, I've come across a peculiarity that I'd really like someone to shed some light on. Consider: Volatility Foundation Volatility Framework 2.4 Current context: System @ 0xfffffa80018ae890, pid=4, ppid=0 DTB=0x187000 Welcome to volshell! Current memory image is: file:///C:/Windows7x64.vmem To get help, type 'hh()' ... my_proc = p ... break ... 4 System ... my_proc.get_process_address_space() ... <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76240> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76470> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D762E8> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76240> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76470> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D762E8> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76240> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76470> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D762E8> <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0000000008D76240> There appears to be three different objects that are returned on a cycle. Is this normal, expected behaviour? Why are there three? Thank you!