$result = Get-WinEvent -FilterHashtable @{ Path = 'C:\file.evtx' } | ForEach-Object {
    # convert the event to XML and grab the Event node
    $eventXml = ([xml]$_.ToXml()).Event
    # create an ordered hashtable to collect all data, starting with the raw EventData/Data nodes
    $evt = [ordered]@{
        Data = $eventXml.EventData.Data
    }
    # add each EventData child keyed by its element name; for events whose children are all plain <Data>
    # elements (e.g. the engine lifecycle events), this keeps only the last one, which is the block that
    # carries the HostApplication line
    $eventXml.EventData.ChildNodes | ForEach-Object { $evt[$_.Name] = $_.'#text' }
    # output as PSCustomObject so the $result array can be written to CSV easily
    [PSCustomObject]$evt
}
# output to screen
# Formats each event's data as a list rendered wide enough not to wrap, keeps the HostApplication lines,
# splits them on whitespace so the base64 argument sits on its own line, keeps the base64 tokens and decodes them.
# -EncodedCommand takes base64 over UTF-16LE text, so decode with [Text.Encoding]::Unicode; decoding it as
# UTF-8 is what leaves a NUL after every character (stripping \x00 in notepad++ only masked that).
# Caveat: filtering on "==" only keeps base64 that needed two padding characters; a payload whose byte length
# is a multiple of 3 has no "=" at all and is silently skipped.
(-split ($result | Format-List | Out-String -Stream -Width 1000 | Select-String "HostApplication" | Out-String -Stream -Width 1000)) |
    Select-String "==" |
    ForEach-Object { [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($_.Line)) }
# output to a text file (same pipeline, redirected)
#(-split ($result | Format-List | Out-String -Stream -Width 1000 | Select-String "HostApplication" | Out-String -Stream -Width 1000)) | Select-String "==" | ForEach-Object { [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($_.Line)) } | Out-File C:\file\test2.txt
Reads a saved .evtx log, parses each event's EventData XML, finds the HostApplication line that launched PowerShell with an encoded command, and base64-decodes it. The string matched in the event data (Select-String "HostApplication") must be adjusted for the event type being searched; HostApplication appears in the Windows PowerShell engine lifecycle events (IDs 400/403), not in script block logging events, which put the script text in ScriptBlockText instead.
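A self-contained version of the decoding step, added here as an example and not taken from the gist above. It works on the event XML that ToXml() returns, so it runs against the constructed event 400 below without an .evtx file; the sample's base64 is `Write-Host 'hi'` encoded as UTF-16LE and has no `==` padding, which a `Select-String "=="` filter would skip. The function pulls the HostApplication line with a regex, locates the `-EncodedCommand` / `-enc` / `-ec` / `-e` argument, restores base64 padding, and decodes as UTF-16LE, so no NUL cleanup is needed. The evtx path in the commented-out usage line is an assumption.

```powershell
# Added example, not part of the original gist. Decodes the -EncodedCommand argument from the
# HostApplication line of Windows PowerShell engine lifecycle events (IDs 400/403).

function Get-EncodedCommandFromEvent {
    [CmdletBinding()]
    param(
        # Event XML as returned by EventLogRecord.ToXml()
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$EventXmlText
    )
    process {
        $ev = ([xml]$EventXmlText).Event

        # Leaf elements come back as plain strings when they carry only text, and as XmlElements
        # (with '#text') when they have attributes, so handle both for EventID and Data.
        $idNode  = $ev.System.EventID
        $eventId = if ($idNode -is [string]) { $idNode } else { $idNode.'#text' }

        $lines = foreach ($d in $ev.EventData.Data) {
            $txt = if ($d -is [string]) { $d } else { $d.'#text' }
            if ($txt) { $txt -split "`r?`n" }
        }

        $hostApp = $null
        foreach ($line in $lines) {
            if ($line -match '^\s*HostApplication=(.+)$') { $hostApp = $Matches[1].Trim(); break }
        }
        if (-not $hostApp) { return }   # no HostApplication line in this event

        # powershell.exe accepts -EncodedCommand, -enc, -ec and -e (any unambiguous prefix);
        # "-ep" and "-ex" do not match because whitespace must follow the switch.
        $decoded = $null
        if ($hostApp -match '[-/]e(?:c|n\w*)?\s+([A-Za-z0-9+/=]+)') {
            $b64 = $Matches[1].TrimEnd('=')
            # Padding only exists when the byte length is not a multiple of 3, so restore it
            # instead of filtering on "==".
            $b64 += '=' * ((4 - ($b64.Length % 4)) % 4)
            try {
                # -EncodedCommand is base64 over UTF-16LE text, i.e. [Text.Encoding]::Unicode;
                # decoding it as UTF-8 is what produces the interleaved NULs.
                $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($b64))
            } catch {
                Write-Warning "Encoded argument is not valid base64: $hostApp"
            }
        }

        [PSCustomObject]@{
            EventID         = $eventId
            HostApplication = $hostApp
            DecodedCommand  = $decoded
        }
    }
}

# Constructed sample: a Windows PowerShell event 400 whose HostApplication line launched
# "Write-Host 'hi'" via -EncodedCommand (UTF-16LE base64, no "==" padding).
$sampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">400</EventID>
  </System>
  <EventData>
    <Data>Available</Data>
    <Data>None</Data>
    <Data>	NewEngineState=Available
	PreviousEngineState=None
	HostName=ConsoleHost
	HostApplication=powershell.exe -NoProfile -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAAgACcAaABpACcA
	EngineVersion=5.1.19041.1</Data>
  </EventData>
</Event>
'@

$sampleEvent | Get-EncodedCommandFromEvent | Format-List

# Against a saved log (assumed path), restricted to the engine lifecycle event IDs:
# Get-WinEvent -FilterHashtable @{ Path = 'C:\file.evtx'; Id = 400, 403 } |
#     ForEach-Object { $_.ToXml() } | Get-EncodedCommandFromEvent |
#     Where-Object DecodedCommand | Export-Csv C:\decoded.csv -NoTypeInformation
```

Events without a HostApplication line (for example 4104 script block events) produce no output rather than an error, so the function can be fed a whole log; filtering on Id = 400, 403 up front just keeps Get-WinEvent from parsing every record.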