Office documents with a VBA project that contains streams whose name starts with __SRP_, have had their VBA macros executed at least once.
As Dr. Bontchev describes in the documentation for his pcodedmp tool:
When the p-code has been executed at least once, a further tokenized form of it is stored elsewhere in the document (in streams, the names of which begin with __SRP_, followed by a number).
Thus in my maldoc trainings, I always explain that the presence of __SRP_ streams is an indication that the VBA code has been executed prior to the saving of the document, and vice-versa, that the absence means that the code was not executed (prior to saving).
I recently discovered that these __SRP_ streams are also created when the VBA project is compiled (without running the macros), by selecting menu option “Debug / Compile Project” in the VBA IDE.
Didier Stevens 
[…] Didier StevensVBA: __SRP_ Streams […]
Pingback by Week 01 – 2022 – This Week In 4n6 — Sunday 2 January 2022 @ 11:03