02 | 2 outputs |
----------------------------------------------------------- | -------------------------------------------------- |
0000000000000000 | value in satoshis to pay to the first output |
23 | size of script (35 bytes) |
21 | push 33 bytes |
02000000.....00000000 | public key |
ac | OP_CHECKSIG |
----------------------------------------------------------- | -------------------------------------------------- |
0000000000000000 | value in satoshis to pay the second output |
19 | size of script (25 bytes) |
76 | OP_DUP |
a9 | OP_HASH160 |
14 | push 20 bytes |
3625c4a2ea974760a816368fd15de771594476e7 | pubkey hash |
88 | OP_EQUALVERIFY |
ac | OP_CHECKSIG |
The public key used in the first output hashes to the pubkey hash used in the second output. As garlonicon has said, the first output which is P2PK with an invalid public key is unspendable, whereas the second output with a pubkey hash generated from from the invalid public key would be spendable if you find an address collision (obviously ignoring the fact that both outputs are empty).