Autochk.exe is a version of chkdsk that runs only on NTFS disks and only before Windows Server starts. autochk cannot be run directly from the command-line. (https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/autochk)
Autochk should be a System32 executable signed by Microsoft; however you may run into other instances if you are hunting for unsigned executables in the System32 folder. One example is if you use Absolute software in your environment. In normal scenarios Absolute's autochk should spawn rpcnetp.exe and then be replaced by the normal Windows autochk. However in VDI environments this replacement might not happen and Absolute's version might still linger. To look for signs of that autochk being Absolute, look for network flows to 209[.]53[.]113[.]23 and search[.]namequery[.]com. (https://securelist.com/absolute-computrace-revisited/58278/)
However, the APT Emissary Panda was also known to use an autochk rootkit. Full details can be found at https://repnz.github.io/posts/autochk-rootkit-analysis/ .