It looks like you may have some spoofed received headers:
Received: from bouttecontour.cloud (195.58.39.136) looks like genuine injection to O365 at Tue, 10 May 2022 02:17:36 +0000
But the Received headers below that have a time disconnect and seem to show internal O365 processing BEFORE the injection.
Received: from SYAPR01MB2960.ausprd01.prod.outlook.com (2603:10c6:1:12::22) by
ME1PR01MB1235.ausprd01.prod.outlook.com with HTTPS; Sun, 8 May 2022 04:00:40
+0000
Received: from SYXPR01CA0100.ausprd01.prod.outlook.com (2603:10c6:0:2e::33) by
SYAPR01MB2960.ausprd01.prod.outlook.com (2603:10c6:1:12::22) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5227.18; Sun, 8 May 2022 04:00:37 +0000
Received: from SY4AUS01FT005.eop-AUS01.prod.protection.outlook.com
(2603:10c6:0:2e:cafe::e6) by SYXPR01CA0100.outlook.office365.com
(2603:10c6:0:2e::33) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.18 via Frontend
Transport; Sun, 8 May 2022 04:00:37 +0000
Compare those to the headers from an example we're also investigating:
Received: from breckcraigint.pro (195.58.39.137) by DM6NAM12FT048.mail.protection.outlook.com (10.13.178.173) with Microsoft SMTP Server id 15.20.5250.8 via Frontend Transport; Mon, 9 May 2022 02:00:01 +0000
Again the header lines below this appear to show O365 processing - which match exactly with your example.
Received: from SYAPR01MB2960.ausprd01.prod.outlook.com (2603:10c6:1:12::22) by ME1PR01MB1235.ausprd01.prod.outlook.com with HTTPS; Sun, 8 May 2022 04:00:40 +0000
Received: from SYXPR01CA0100.ausprd01.prod.outlook.com (2603:10c6:0:2e::33) by
SYAPR01MB2960.ausprd01.prod.outlook.com (2603:10c6:1:12::22) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5227.18; Sun, 8 May 2022 04:00:37 +0000
Received: from SY4AUS01FT005.eop-AUS01.prod.protection.outlook.com
(2603:10c6:0:2e:cafe::e6) by SYXPR01CA0100.outlook.office365.com
(2603:10c6:0:2e::33) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.18 via Frontend
Transport; Sun, 8 May 2022 04:00:37 +0000