Are you running Avast in Passive mode ?
Having two resident antivirus scanners can result in conflict.
If not then Windows Defender should have been disabled by the Operating System (Windows Security Centre), it may well be set to run periodic scans (a default action I believe). You should be able to disable the periodic scans by defender.
As Michael mentioned this is a text file, so should be harmless, so why defender is scanning it is beyond me. However, if the web shield has previously made any detection, there could be a URL in the web shield report file, but again not CoinHive.
In the pentesting world, allowing users access to write anything (even text files) is dangerous if unintended.
There is a video working on a HTB box (actually - two of them) done by ippsec. Starts with allowing a PUT [file] request sent to the server with some ASPX as a text file, then executing a MOVE command via HTTP to move the file form a cmd.txt to cmd.aspx. In short, turning the program from a “harmless” text file to a reverse shell. In layman’s terms, creating an vb, vba or vbs script from a text file.
True though, this isn’t the case. The Webshield.txt file is a legitimate Avast! file, and Windows Defender is falsely alerting on it. It can be safely ignored (or deleted) if you prefer.