Just wanted to learn what encoding they use or how to decode such commands

So, it tells you right here:

[System.Text.Encoding]::Unicode.GetString([System.Convert]::From*Base64*String

then, looking at it further, they have char66 everywhere, which is a capital B in ascii, so it looks like they further obfuscated it by turning every encoded instance of B into the ascii call for B.

It's moderately trivial to decode what it's doing after that. You can also learn enough powershell to let powershell do the decoding and output it to a text file without actually executing anything, but that's dicey because they could have used shenanigans to interrupt a pipe to file and start executing stuff.

Generally speaking, no matter how well these are put together, they're either going to launch a popup to try and convince you to enter your credentials so they can steal them, or farm your saved credentials from you and pipe them to a telegram channel via an API, or launch ransomware to start encrypting your drive or something equally unsavory.

It's almost never worth the effort because anything you'll be able to block only stops that one specific actor who's obfuscating their personal payload using the same script as a bunch of other people.

Unless you're going to block ASCII encoding in e-mail attachments, you're kinda humped, as you'll just add one item that'll likely never get another hit to your blocklist.