diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index 066b7d49e..b54d6731c 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -143,9 +143,47 @@ jobs:
 - name: Fix permissions
 run: attrib -r appdir/Cryptomator/Cryptomator.exe
 shell: pwsh
- - name: Extract integrations DLL for code signing
+ - name: Codesign binaries inside jars
+ run: |
+ $certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}'
+ $password = '${{ secrets.WIN_CODESIGN_P12_PW }}'
+ $certificateSHA1 = '5FC94CE149E5B511E621F53A060AC67CBD446B3A'
+ $description = 'Cryptomator'
+ $timestampUrl = 'http://timestamp.digicert.com'
+ $folder = ".\appdir\Cryptomator\app"
+ $tmpDir = ".\extract"
+ $signtool = $(Get-ChildItem 'C:\Program Files (x86)\Windows Kits\10\bin\' -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith('x64') } | Select-Object -Last 1).FullName
+
+ # preps
+ Install-Module -Name Microsoft.PowerShell.TextUtility -Force -Confirm:$False
+
+ # import certificate
+ $bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray
+ Set-Content -Path ".\certFile" -AsByteStream -Value $bytes
+ & certutil -f -p $password -importpfx ".\certFile"
+
+ # create directory to extract every jar to
+ New-Item -Path $tmpDir -ItemType Directory
+ # iterate over all jars
+ Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object {
+ $jar = Copy-Item $_ -Destination $tmpDir -PassThru
+ Set-Location -Path $tmpDir
+ jar --file=$($_.FullName) --extract
+ Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object {
+ # sign
+ & $signtool sign /sm /tr ${timestampUrl} /td SHA256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName
+ # update jar with signed dll
+ jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_)
+ }
+ # replace old jar with its update
+ Move-Item -Path $($jar.FullName) -Destination $_ -Force
+ # clear extraction dir
+ Remove-Item -Path ".\*" -Force -Recurse
+ Set-Location -Path ".."
+ }
+ # clean up
+ Remove-Item -Path $tmpDir
 shell: pwsh
- run: gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --extract integrations.dll }
 - name: Codesign
 uses: skymatic/code-sign-action@v2
 with:
@@ -156,10 +194,6 @@ jobs:
 timestampUrl: 'http://timestamp.digicert.com'
 folder: appdir/Cryptomator
 recursive: true
- - name: Repack signed DLL into jar
- shell: pwsh
- run: |
- gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --update integrations.dll; Remove-Item integrations.dll}
 - name: Generate license for MSI
 run: >
 mvn -B license:add-third-party
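Review bot: The two secrets are spliced straight into the PowerShell source (`$certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}'` and the `$password` line below it), so a value containing a single quote alters the script text rather than the variable, and the decoded PFX written to `.\certFile` is never deleted — the final `# clean up` removes only `$tmpDir`, leaving the private-key file in the workspace for every later step. Pass both secrets through the step's `env:` map and read them as `$env:` variables inside the script, and add `Remove-Item -Path ".\certFile" -Force` right after the `certutil -importpfx` call (and, since signing uses `/sm`, consider removing the imported certificate from the machine store once signing is done). None of the native calls (`certutil`, `jar`, `$signtool`) have their exit status checked; pwsh does not by default treat a non-zero native exit as an error, so a failed `signtool sign` would still be followed by `jar --update` repacking the unsigned DLL — check `$LASTEXITCODE` after each and throw. The `Install-Module -Name Microsoft.PowerShell.TextUtility` download of an unpinned gallery module can be dropped entirely, as `[Convert]::FromBase64String($certificate)` performs the same decode without a network fetch.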