What is the generated TOTP ? Is it actually an OTP? You can see this by injecting the OTP into a field that isn’t obscured, like the username field.
Failing that, can you generate a valid TOTP manually with the secret stored as the logon account’s password (when you show/copy the secret out of CyberArk?) When you generate it manually, is it the same as what the Preconnect DLL generates ?
If you have the ability to do so, you can clone the example code from GitHub, add debug logging, and recompile.