Some fivem mods/plugins can be hacked or contain virus if you download them from not trusted sources. In this case the hacked mod will create another administrator user on windows with Moda username. This user will be able to access your VPS and your all files, also can send spam, hack other servers or send DDOS attack from your VPS.
If this happen with your VPS server, do the following.

1, Stop all running program, fivem server, database server, etc
2, Download a virus removal tool, and do a virus scan. Alternatively you can download Norton Power Eraser ( https://www.norton.com/npe_latest ) that can do virus scan without install. When the virus removal tool ask you to reboot the VPS, accept it.
3, When the virus removal is completed, delete the unknown Windows users. Click on Start menu -> Control Panel -> Change account type -> Moda -> Delete account. If it ask you, delete all files. If Windows doesn't let you to delete the user, try to restart Windows again from start menu.
4, Change your Administrator password: Start menu -> Control Panel -> Change account type -> Administrator -> Change the password


Also you should change the password on our website, on your email address. If you run the fivem server on your home computer, you should also check your own computer.
Also a great tool to check if your password is compromised or not: haveibeenpwned.com