What you're seeing is a Base64-encoded binary message.
You're sending 19 bytes (
ABF16545614365432654362543265432654365) but are receiving 32 bytes (
QCUTASYAtAcB7p5Suxnuu5OKLBlbx5rcBYmUJP37ijg= as Base64, which when decoded to hexadecimal bytes is
402513012600B40701EE9E52BB19EEBB938A2C195BC79ADC05899424FDFB8A38). As the latter is much longer than you're sending, that Base64-encoded message is not the encrypted payload, but is the full LoRaWAN message.
A full LoRaWAN message is not fully encrypted; it has LoRaWAN headers that anyone can decode (and these headers tell you your example is an unconfirmed uplink from device
26011325 with frame counter
1972). Only the actual payload is encrypted (in your example that is
EE9E52BB19EEBB938A2C195BC79ADC05899424, 19 bytes, matching the length of what you're sending, but then encrypted).
(Note that when using TTN Console, and defining an application there, TTN can do all decrypting for you. But then you trust TTN with the secrets of your application.)